+CRY-05.01AC

1. Übersicht

CRY-05.01AC

The cloud service provider ensures that secure encryption mechanisms are in place to prevent the recovery of cloud service customer data when resources are reallocated or physical media are recovered.

The requirement of 'accessible only by the cloud service customer' means that encryption keys remain solely within the knowledge and control of the owner. This can be addressed by implementing a secure key management system. If a key management system is used, the keys need to be protected from usage not explicitly authorised by the owner of the key and remain inaccessible in plaintext.

This criterion does not apply to data that cannot be encrypted for the provision of the cloud service for functional reasons.

Bezeichnung	Standard

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html