|
+AM-01.01AC |
1. ÜbersichtAM-01.01ACThe information collected about assets is considered in logging and monitoring applications to:1. Identify the impact on cloud services and functions in case of events that could lead to a breach of protection objectives; and 2. Support information provided to affected cloud service customers in accordance with contractual agreements. Assets within the meaning of this domain are the objects required for the information security of the cloud service during the creation, processing, storage, transmission, deletion or destruction of information in the cloud service provider's area of responsibility, e.g. firewalls, load balancers, web servers, application servers and database servers. These objects consist of hardware and software objects. Hardware objects include, but are not limited to: 1. Physical and virtual infrastructure resources (e.g. servers, storage systems, network components); and 2. End user devices if the cloud service provider has determined in a risk assessment that these could endanger the information security of the cloud service in the event of loss or unauthorised access (e.g. mobile devices used as security tokens for authentication). Software objects include, but are not limited to, hypervisors, containers, operating systems, databases, microservices and application programming interfaces (APIs). The lifecycle of an asset includes, depending on the asset type: 1. Acquisition; 2. Commissioning; 3. Maintenance; 4. Decommissioning; and 5. Disposal.
1.1 Referenzen1.2 Identifizierte Anforderungen1.2 Related Regulation2. Identifizierte Anforderungen
3. Related Regulations
|