+COS-02 Security Requirements for Connections in the Cloud Service Provider's Network
---+COS-02.01B

1. Übersicht

COS-02 Security Requirements for Connections in the Cloud Service Provider's Network

COS-02.01B

Specific security requirements are designed, documented and provided for establishing connections within the cloud service provider's network. The security requirements define for the cloud service provider's area of responsibility:

1. In which cases the security zones are to be separated and in which cases cloud service customers are to be logically or physically separated;
2. Which communication relationships and which network and application protocols are permitted in each case;
3. How the data traffic for administration and monitoring is separated from each on network level;
4. How office networks are secured with firewalls and secure WIFI configurations as well as VPN for remote access;
5. Which internal, cross-partition communication is permitted; and
6. Which cross-network communication is allowed.

Cross-partition communication can be realised for e.g. individual regions or locations via e.g. WAN, LAN, VPN, RAS.

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html