+AM-04.01B

1. Übersicht

AM-04.01B

The cloud service provider maintains a comprehensive inventory of all software assets, including used software (cf. AM-02). This inventory includes information for each entry that:

1. Enables the identification of the software asset;
2. Provides visibility into which other assets use the software asset for the provision of the cloud service; and
3. Enables the cloud service provider to control the software asset, perform a risk assessment and protect its information security.

This basic criterion can, but does not have to, be fulfilled by including the following details for each entry of the software asset inventory:

1. Identification details (such as name, IP address, MAC address, etc.);
2. The version of the software; and
3. The parent resource (hardware asset or software asset) on which the software is installed.

Bezeichnung	Standard

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html