1. Overview

OPS-33 Confidential Computing - Remote Attestation

Designation Standard
OPS-33.01B If the cloud service comprises capabilities for confidential computing, the cloud service provider offers remote attestation functionalities for data in-use protection.
OPS-33.02B Remote attestation functionalities are based on cryptographic means rooted in trusted hard- and software.
OPS-33.03B Remote attestation functionalities comprise an interface that allows the customer to verify the integrity of the remote attestation.

The attestation interface allows customers to securely retrieve attestation evidence from the confidential computing environment. Verification of this evidence may be performed by the customer or by trusted third-party services.
OPS-33.01AC The cloud service provider clearly defines, documents and communicates the available attestation levels.

Remote attestation can be performed at different locations and with different trust levels:

1. Cloud service customers retrieve evidence from TEEs and perform verification in an environment fully trusted by them. This scenario is generally assumed to provide a very strong attestation;
2. Cloud service providers retrieve evidence from TEEs, perform verification in verification services they control and provide verification results and evidence to the cloud service customer. Cloud service customers verify the attestation evidence in an environment fully trusted by them. This scenario is generally assumed to provide a very strong attestation;
3. Cloud service customers retrieve evidence from TEEs and send it to an evidence verification service they trust. This scenario is generally assumed to provide a strong attestation; and
4. Cloud service providers retrieve evidence from TEEs, send it to a verification service in their control and only return the verification result to cloud service customers. This scenario is generally assumed to provide a weak attestation.
OPS-33.02AC The information is part of the guidelines and recommendations for the secure use of the cloud service provided (cf. PSS-01).

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source Requirement

3. Related Regulations

Regulations
Source Regulation