+CRY-02 Cryptographic Change Management
---+CRY-02.01B
---+CRY-02.02B
---+CRY-02.03B
---+CRY-02 Supplementary Information - Complementary Customer Criteria
|
1. Übersicht
CRY-02 Cryptographic Change Management
-
| Bezeichnung |
Standard |
|
CRY-02.01B
|
When implementing changes to cryptographic systems, the cloud service provider performs an evaluation of their potential impact in accordance with DEV-06. This process includes an analysis of the cloud infrastructure of the cloud service, as well as an analysis of potential disruptions to cloud service customer-managed workloads and the evaluation of residual risks, cost implications, and integration benefits. The cloud service provider informs cloud service customers of these downstream effects to prevent unforeseen failures within the cloud service customer's specific cryptographic implementations.
When performing the evaluation of the potential impact of changes, the cloud service provider should consider the complexity of the distributed architecture of its cloud service.
|
|
CRY-02.02B
|
All changes and adjustments to cryptographic systems are documented and traceable.
|
|
CRY-02.03B
|
The personnel responsible for cryptographic systems is regularly trained and informed about respective changes.
|
|
CRY-02 Supplementary Information - Complementary Customer Criteria
|
Cloud service customers ensure with suitable controls that, if notified about any changes to cryptographic systems by the cloud service provider, they engage actively in a thorough evaluation of potential impacts on their usage of the cloud service.
|
1.1 Referenzen
1.2 Identifizierte Anforderungen
1.2 Related Regulation
2. Identifizierte Anforderungen
Anforderungen
| Source |
Anforderung |
3. Related Regulations
Regulations
| Source |
Regulierung |
|