+IAM-08.02B

1. Übersicht

IAM-08.02B

The cloud service provider enforces multi-factor authentication (MFA) for all access to the production environment. This requirement applies to both human users and automated processes, ensuring that only authorised entities can access systems and data in the production environment.

Multi-factor authentication implies that different sources for identity verification are used. This applies both to human users and automated processes. Human users may use different factors like a password and a hardware token. Multi-factor authentication for automated processes implies using independent sources for identity verification like e.g. cryptographic keys and a short term token from another source.

Bezeichnung	Standard

1.1 Referenzen

IAM-08.02AS

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html