
1. Overview

AM-08 Commitment to Proper Use, Safe and Secure Handling and Return of Assets

Designation | Standard
AM-08.01B The cloud service provider determines in a risk assessment (cf. OIS-07) if loss of or unauthorised access to assets could compromise the information security of the cloud service. If so, the cloud service provider's internal and external personnel is provably committed to the policies and procedures for proper use and safe and secure handling of assets before they can be used.

The criterion essentially concerns mobile devices (e.g. notebooks, tablets, smartphones, FIDO2 security keys, etc.), especially if confidential information is stored on them that can be used, in the event of unauthorised access, to obtain privileged access to the cloud service (e.g. if these are used as security tokens for authentication).
AM-08.02B Any assets handed over are provably returned upon termination of employment.

The criterion essentially concerns mobile devices (e.g. notebooks, tablets, smartphones, FIDO2 security keys, etc.), especially if confidential information is stored on them that can be used, in the event of unauthorised access, to obtain privileged access to the cloud service (e.g. if these are used as security tokens for authentication).
AM-08.03B If assets cannot be returned prior to or on the day of the termination, the cloud service provider removes the access rights of the personnel no later than the date of termination.

The criterion essentially concerns mobile devices (e.g. notebooks, tablets, smartphones, FIDO2 security keys, etc.), especially if confidential information is stored on them that can be used, in the event of unauthorised access, to obtain privileged access to the cloud service (e.g. if these are used as security tokens for authentication).

The removal of access rights of terminated personnel can be implemented by e.g. disabling their identity on the device.

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source | Requirement

3. Related Regulations

Regulations
Source | Regulation