COS-06 Separation of Data Traffic in Jointly Used Network Environments
1. Overview
Designation: COS-06.01B
Standard:
Cloud service customer data traffic in jointly used network environments is separated at the network level according to a documented framework, to ensure the confidentiality and integrity of the data transmitted.
If the cloud service provider does not use shared network environments for cloud service customers and instead separates them physically, the basic criterion is not applicable.
If the suitability and effectiveness of the logical segmentation cannot be assessed with sufficient certainty (e.g. because the implementation is complex), evidence can also be provided by audit results of expert third parties (e.g. security audits that validate the framework). The separation of stored and processed data is the subject of criteria OPS-30 and OPS-31. After successful authentication via an insecure communication channel (HTTP), a secure communication channel (HTTPS) is to be used.
With IaaS/PaaS, secure separation is ensured by physically separated networks or by state-of-the-art encryption of the network traffic. For the definition of state-of-the-art encryption, BSI Technical Guideline TR-02102 should be consulted (cf. CRY-01).
Designation: COS-06.01AC
Standard:
In the case of IaaS/PaaS, secure separation is ensured by physically separated networks or by state-of-the-art encryption combined with logical network separation or encapsulation.
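The rule stated for COS-06.01B and COS-06.01AC (physical separation, or logical separation by encapsulation combined with state-of-the-art encryption) can be checked mechanically against a tenant network inventory. The Python audit below is an added example and not part of the C5 catalogue or any provider's tooling; the inventory, the `Segment` fields and the cipher allow-list are constructed assumptions for illustration.

```python
"""Added example: audit a tenant network inventory against COS-06.

Rule checked, following the criterion text: a tenant segment on shared
network infrastructure must be logically separated (its own encapsulation
ID, e.g. a VXLAN VNI or VLAN ID, not reused by another tenant) AND
protected with state-of-the-art encryption; a physically separated network
needs neither. Inventory and cipher allow-list are constructed assumptions."""

from dataclasses import dataclass
from typing import List, Optional, Tuple

# AEAD suites this example accepts as "state of the art". The allow-list is an
# assumption modelled on the AES-GCM / ChaCha20-Poly1305 recommendations of
# BSI TR-02102; check the current edition of the guideline before relying on it.
APPROVED_CIPHERS = {"AES-128-GCM", "AES-256-GCM", "CHACHA20-POLY1305"}
MIN_KEY_BITS = 128


@dataclass(frozen=True)
class Segment:
    tenant: str
    name: str
    encap: str                 # "physical", "vxlan" or "vlan"
    encap_id: Optional[int]    # VNI / VLAN ID; None for physically separated networks
    cipher: Optional[str]      # cipher protecting the segment's traffic, None if unencrypted
    key_bits: Optional[int]


Finding = Tuple[str, str, str]  # (tenant, segment name, problem)


def audit(segments: List[Segment]) -> List[Finding]:
    """Return one finding per COS-06 violation found in the inventory."""
    findings: List[Finding] = []
    owner_of_id = {}  # (encap type, encap id) -> first tenant seen using it

    for s in segments:
        if s.encap == "physical":
            continue  # physically separated: the basic criterion does not apply

        # Logical separation: the encapsulation ID must be present and unique per tenant.
        if s.encap_id is None:
            findings.append((s.tenant, s.name, "shared network without encapsulation id"))
        else:
            owner = owner_of_id.setdefault((s.encap, s.encap_id), s.tenant)
            if owner != s.tenant:
                findings.append((s.tenant, s.name,
                                 f"{s.encap} id {s.encap_id} is also used by tenant {owner}"))

        # Encryption: shared infrastructure requires an approved cipher and key length.
        if s.cipher is None:
            findings.append((s.tenant, s.name, "unencrypted traffic on shared network"))
        elif s.cipher.upper() not in APPROVED_CIPHERS or (s.key_bits or 0) < MIN_KEY_BITS:
            findings.append((s.tenant, s.name,
                             f"cipher {s.cipher}/{s.key_bits} bit is not state of the art"))
    return findings


# Constructed inventory for the example (not real provider data).
EXAMPLE_INVENTORY = [
    Segment("tenant-a", "a-app", "vxlan", 1001, "AES-256-GCM", 256),
    Segment("tenant-b", "b-app", "vxlan", 1002, "AES-128-GCM", 128),
    Segment("tenant-c", "c-db", "physical", None, None, None),
    Segment("tenant-d", "d-app", "vxlan", 1001, "AES-256-GCM", 256),  # VNI collides with tenant-a
    Segment("tenant-e", "e-app", "vlan", 50, None, None),              # no encryption at all
    Segment("tenant-f", "f-app", "vxlan", 1003, "3DES-CBC", 168),      # legacy cipher
]


if __name__ == "__main__":
    for tenant, name, problem in audit(EXAMPLE_INVENTORY):
        print(f"{tenant}/{name}: {problem}")
```

Run as written, the audit reports three findings (the VNI collision for tenant-d, the unencrypted VLAN for tenant-e and the legacy cipher for tenant-f) and nothing for the physically separated tenant-c. The two checks are deliberately independent: a unique VNI without encryption, or encryption with a reused VNI, each fails the criterion on its own.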
Designation: COS-06 Supplementary Information - Complementary Customer Criteria
Standard:
Cloud service customers ensure, with suitable controls for those parts of the cloud service under their responsibility, that virtual networks are designed, configured and documented in accordance with their network security requirements (e.g. logical segmentation of organisational units).
1.1 References
1.2 Identified Requirements
1.3 Related Regulations
2. Identified Requirements
Requirements
Source | Requirement
3. Related Regulations
Regulations
Source | Regulation