+DEV-08 Logging of Changes
---+DEV-08.01B
---+DEV-08.02B
---+DEV-08.01AC
|
1. Übersicht
DEV-08 Logging of Changes
-
| Bezeichnung |
Standard |
|
DEV-08.01B
|
System components for version control and software deployment that are used to manage changes to system components of the cloud service in the production environment are subject to a role and rights framework according to IAM-01 and authorisation mechanisms.
|
|
DEV-08.02B
|
The configuration of these system components ensures that all changes performed by the cloud service provider to system components in the production environment are recorded and can be traced back to the individuals or system components contributing to their development, deployment or implementation.
If the change has external contribution (e.g. use of third-party products, libraries), tracing back individual changes in the development is often not possible. In that case it is sufficient to record the external contribution in the software component list or Software Bill of Materials (SBOM, cf. DEV-13.01B). In addition to that, depending on the nature of the external contribution, the criterion for Outsourcing of the Development (cf. DEV-02) and the criteria for Control and Monitoring of Service Providers and Suppliers (SSO) may apply.
|
|
DEV-08.01AC
|
The cloud service provider enforces the role and rights framework by monitoring the changes made to system components of the cloud service in the production environment. Timely and appropriate remediation measures address any deviations identified during monitoring.
|
1.1 Referenzen
1.2 Identifizierte Anforderungen
1.2 Related Regulation
2. Identifizierte Anforderungen
Anforderungen
| Source |
Anforderung |
3. Related Regulations
Regulations
| Source |
Regulierung |
|