IAM-01.01B

1. Overview

IAM-01.01B

The cloud service provider documents, communicates and makes available according to SP-01:

1. An authorisation framework based on role-based access control and the business and security requirements of the cloud service provider; and
2. A policy for managing identities and access rights for internal and external personnel of the cloud service provider and system components that have a role in automated authorisation processes of the cloud service provider.


External personnel includes freelancers, temporary workers, suppliers and service providers with access to system components.

Requirements for physical access control in accordance with the policy for identities and access rights are specified in more detail in the physical access control policy (cf. PS-04).

If the cloud service provider offers federated identity services, in particular if the cloud service provider offers these services as a cloud service broker, the documents defined in these subcriteria should recognise the complexity of the particular cloud service architecture. This can include, but is not limited to, the following aspects:

1. Management of the trust boundaries between the different parties involved in the authentication process of a federated identity;
2. Propagation of identity management-related events across all parties involved in the authentication process of a federated identity;
3. Logging of events related to the authentication process of a federated identity; and
4. Notification of cloud service customers in case of a federation credential being compromised or a trust boundary being violated.

Designation Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source Requirement

3. Related Regulations

Regulations
Source Regulation