Defines the mandatory and recommended tag keys, value formats, and governance controls required for cloud resource cost attribution across multi-cloud environments. This standard ensures that cost visibility, showback, and chargeback are supported by consistent, machine-readable metadata. Compliance enables organizations to attribute 95% or more of cloud spend to accountable owners.
Rationale
Inconsistent tagging is the single largest source of unallocated cloud spend in enterprise environments. A common taxonomy eliminates ambiguity, enables automation, and creates the data foundation on which all other FinOps standards depend.
Scope
Applies to all cloud resources (compute, storage, networking, managed services, and serverless functions) deployed to AWS, Azure, Google Cloud, and Oracle Cloud Infrastructure. Excludes resources provisioned by third-party managed service providers under separate contractual arrangements, provided those providers deliver equivalent cost attribution data.
Requirements
10 requirements - MUST indicates mandatory; SHOULD indicates recommended.
All cloud resources MUST carry a valid value for each mandatory tag key before provisioning is permitted.
Mandatory tag keys MUST include: ApplicationID, CostCenter, Environment, TeamOwner, and DataClassification.
Tag values for CostCenter MUST be drawn from the organization's approved cost center registry and validated at provisioning time.
Tag values for Environment MUST be one of: production, staging, development, testing, sandbox, or shared.
Organizations MUST implement automated policy enforcement (e.g., AWS Service Control Policies, Azure Policy, GCP Organization Policy) to prevent resource creation without mandatory tags.
Tag coverage reporting MUST be produced at minimum monthly, with results reviewed by the FinOps team and relevant business unit owners.
Untagged spend exceeding 5% of total cloud spend MUST trigger a formal remediation plan within 30 days.
Recommended tags SHOULD include: ProductLine, Initiative, CostType (CAPEX/OPEX), and ArchitecturePattern.
Tag inheritance rules for containerized and serverless workloads MUST be documented and applied consistently.
A tag governance policy MUST be reviewed and approved by the FinOps function annually.
Full Description
Cloud resource tagging is the foundational primitive of cost allocation. Without consistent, enforced tagging, organizations cannot attribute costs to business units, products, applications, or environments - making chargeback, showback, and unit economics impossible to execute with confidence.
IFO4-S-001 establishes a canonical taxonomy of tag keys that every cloud resource must carry, along with the governance controls required to enforce and maintain that taxonomy over time. The standard distinguishes between mandatory tags (required for resource provisioning) and recommended tags (required for full financial reporting).
The standard recognizes that tagging strategies differ by cloud provider and resource type. It does not prescribe a single tag key set universally, but instead defines the functional categories that must be covered - cost center, application, environment, team, product, and data classification - and leaves implementation flexibility for naming conventions.
Version 2.1.0 introduced structured value validation requirements, mandating that tag values conform to enumerated lists for high-cardinality keys such as environment and cost center. It also introduced the concept of tag inheritance for containerized workloads, where tags from parent resources propagate to child resources according to defined rules.