+OPS-29 Managing Vulnerabilities, Incidents and Crashes - Externally Sourced Components
---+OPS-29.01B

1. Übersicht

OPS-29 Managing Vulnerabilities, Incidents and Crashes - Externally Sourced Components

OPS-29.01B

The cloud service provider designs, implements and maintains technical and organisational measures to manage updates to system components used to provide the cloud service that incorporate third-party or open-source libraries. This includes:

1. Regularly identifying available updates and known vulnerabilities in third-party or open-source libraries used within applications;
2. Evaluating the potential impact of identified updates and vulnerabilities on the applications and the overall security posture;
3. Implementing necessary updates and patches in a timely manner to address identified vulnerabilities; and
4. Continuously monitoring applications to ensure updates are effectively applied and no known or unmitigated vulnerabilities are introduced.

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html