+AM-05 Policy for the Proper and Secure Use of Assets
---+AM-05.01B
---+AM-05.02B

1. Übersicht

AM-05 Policy for the Proper and Secure Use of Assets

-
AM-05.01B Policies and procedures for the proper and secure use of assets are documented, communicated and provided in accordance with SP-01 and address the following aspects of the asset lifecycle as applicable to the asset:

1. Approval procedures for acquisition, commissioning, maintenance, decommissioning, and disposal by authorised personnel or system components;
2. Classification and labelling based on the protection need of the cloud service customer data, cloud service derived data, cloud service provider data and account data as well as measures for the level of protection identified;
3. Secure configuration of mechanisms for error handling, logging, encryption, authentication and authorisation;
4. Requirements for versions of software and images as well as application of patches;
5. Handling of software for which support and security patches are not available anymore;
6. Restriction of software installations or use of services;
7. Protection against malware;
8. Remote deactivation, deletion or blocking;
9. Physical delivery and transport;
10. Dealing with incidents and vulnerabilities;
11. Deletion of cloud service customer data, cloud service derived data, cloud service provider data and account data; and
12. Secure handling and usage of removable media, e.g. by specifying which devices are permitted to interact with removable media and what data can be stored on them or by banning the reuse of removable media.
AM-05.02B The applicability of these aspects is defined based on the cloud service provider's asset management framework (cf. AM-01).

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen

3. Related Regulations

Regulations
Impressum