+OPS-14 Logging and Monitoring - Retention of the Logging Data
---+OPS-14.01B
---+OPS-14.02B
---+OPS-14.03B
---+OPS-14 Supplementary Information - Complementary Customer Criteria
|
1. Übersicht
OPS-14 Logging and Monitoring - Retention of the Logging Data
-
| Bezeichnung |
Standard |
|
OPS-14.01B
|
The cloud service provider retains the generated log data, including SIEM log data, and keeps it in an appropriate, unchangeable and aggregated form, regardless of the source of such data, so that a central, authorised evaluation of the data is possible.
|
|
OPS-14.02B
|
Log data is deleted if it is no longer required for the purpose for which it was collected.
|
|
OPS-14.03B
|
Between logging servers and the assets to be logged, authentication measures are in place to protect the integrity and authenticity of the information transmitted and stored. The transfer uses state of the art encryption or a dedicated administration network (out-of-band management).
|
|
OPS-14 Supplementary Information - Complementary Customer Criteria
|
Cloud service customers ensure with suitable controls that they determine whether they require access to the customer-specific portion of the cloud service derived data that consists of log data, and if so, actively request it.
|
1.1 Referenzen
1.2 Identifizierte Anforderungen
1.2 Related Regulation
2. Identifizierte Anforderungen
Anforderungen
| Source |
Anforderung |
3. Related Regulations
Regulations
| Source |
Regulierung |
|