+COS-01.02B

1. Übersicht

COS-01.02B

For these technical safeguards, preventive and protective measures are implemented at multiple tiers (defence in depth) within the cloud service to mitigate the risk of breaching the deployed defensive system. This includes network-based cyber attacks such as:

1. Attacks on the basis of irregular incoming or outgoing traffic patterns;
2. Distributed Denial-of-Service (DDoS) attacks;
3. Spoofing attacks;
4. Code injection attacks;
5. DNS tunneling; and
6. IoT attacks targeting devices within a network.

Technical safeguards that provide protection and prevention at multiple tiers are e.g. a special separation in Identity and Access Management, separate logging for protective systems and Web Application Firewalls (WAFs) for accessing protective systems.

Network-based attacks can be conducted e.g. with MAC spoofing and ARP poisoning attacks. Technical safeguards to prevent unknown physical or virtual devices from joining a physical or virtual network can be based on e.g. MACSec according to IEEE 802.1X:2010.

Bezeichnung	Standard

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html