|
+AM-01.02AC |
1. ÜbersichtAM-01.02ACThe cloud service provider assures that the inventory of assets is up-to-date by implementing monitoring measures to the process that is maintaining it.Assets within the meaning of this domain are the objects required for the information security of the cloud service during the creation, processing, storage, transmission, deletion or destruction of information in the cloud service provider's area of responsibility, e.g. firewalls, load balancers, web servers, application servers and database servers. These objects consist of hardware and software objects. Hardware objects include, but are not limited to: 1. Physical and virtual infrastructure resources (e.g. servers, storage systems, network components); and 2. End user devices if the cloud service provider has determined in a risk assessment that these could endanger the information security of the cloud service in the event of loss or unauthorised access (e.g. mobile devices used as security tokens for authentication). Software objects include, but are not limited to, hypervisors, containers, operating systems, databases, microservices and application programming interfaces (APIs). The lifecycle of an asset includes, depending on the asset type: 1. Acquisition; 2. Commissioning; 3. Maintenance; 4. Decommissioning; and 5. Disposal.
1.1 Referenzen1.2 Identifizierte Anforderungen1.2 Related Regulation2. Identifizierte Anforderungen
3. Related Regulations
|