+DEV-14 Secure Use of Third Party Hardware and Software
---+DEV-14.01B
---+DEV-14.02B
---+DEV-14.03B
---+DEV-14.01AC

1. Übersicht

DEV-14 Secure Use of Third Party Hardware and Software

-

Bezeichnung	Standard
DEV-14.01B	Policies and procedures for the use of third party and open source software are documented, communicated and provided in accordance with SP-01. The policy should consider, where applicable, the same aspects as the policy for the proper and secure use of assets (cf. AM-05).
DEV-14.02B	For the hardware and software products (cf. DEV-13) used in the development of the cloud service, a list of dependencies to those products is maintained.
DEV-14.03B	Only trusted sources are used to retrieve third party software. Whenever possible, the authenticity of the software is verified.
DEV-14.01AC	In procurement for the development of the cloud service, the cloud service provider performs a risk assessment in accordance with OIS-07 for every hardware and software product.

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html

Impressum