|
+AM-01.01B |
1. ÜbersichtAM-01.01BAn asset management framework is documented, communicated and provided according to SP-01, in which the following aspects are described:1. Identification of assets which are used to provide the cloud service in the production environment; 2. Definition of a scheme for identifying protection needs based on information processed, stored or transmitted on the asset; 3. Definition of asset types, considering at a minimum the differentiation of hardware and software objects; 4. Definition of asset lifecycles based on the asset type; and 5. Definition of procedures for inventory of hardware and software assets. Assets within the meaning of this domain are the objects required for the information security of the cloud service during the creation, processing, storage, transmission, deletion or destruction of information in the cloud service provider's area of responsibility, e.g. firewalls, load balancers, web servers, application servers and database servers. These objects consist of hardware and software objects. Hardware objects include, but are not limited to: 1. Physical and virtual infrastructure resources (e.g. servers, storage systems, network components); and 2. End user devices if the cloud service provider has determined in a risk assessment that these could endanger the information security of the cloud service in the event of loss or unauthorised access (e.g. mobile devices used as security tokens for authentication). Software objects include, but are not limited to, hypervisors, containers, operating systems, databases, microservices and application programming interfaces (APIs). The lifecycle of an asset includes, depending on the asset type: 1. Acquisition; 2. Commissioning; 3. Maintenance; 4. Decommissioning; and 5. Disposal.
1.1 Referenzen1.2 Identifizierte Anforderungen1.2 Related Regulation2. Identifizierte Anforderungen
3. Related Regulations
|