+AM-02.05B

1. Übersicht

AM-02.05B

The cloud service provider maintains lists of all users under its responsibility who have access to a specific resource, along with their respective access rights.

Cloud service providers who procure their cloud infrastructure as virtual infrastructure from service organisation (e.g. virtual machines or containers) may use tools provided by the service organisation to inventory those assets, insofar as the cloud service provider deems these suitable based on their asset management framework.

In practice, the implementation of the asset inventory can vary greatly depending on the number, size and complexity of provided cloud services.

These lists can be, but do not have to be, provided by the inventory system established through the criteria AM-02, AM-03 and AM-04.

Bezeichnung	Standard

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html