PSS-01.02B

1. Overview

PSS-01.02B

The type and scope of the information in the guidelines and recommendations for the secure use of the cloud service provided will be based on the needs of subject matter experts of the cloud service customers who set information security requirements, implement them or verify the implementation (e.g. IT, Compliance, Internal Audit). The information in the guidelines and recommendations for the secure use of the cloud service addresses the following aspects, where applicable to the cloud service:

1. Procedures for secure configuration;
2. Information sources on known vulnerabilities and update mechanisms;
3. Malware protection for containers or virtual machines;
4. Error handling and logging mechanisms;
5. Authentication mechanisms;
6. Roles and rights framework including combinations that result in an elevated risk;
7. Services and functions for administration of the cloud service by privileged users;
8. Complementary user entity controls;
9. Encryption mechanisms and services;
10. Data leakage prevention;
11. Secure application development and operation on the cloud service;
12. Instructions for using and configuring defensive mechanisms;
13. Instructions for using and configuring wide-area distributed architecture mechanisms;
14. Methods used for client data separation (cf. OPS-30 and OPS-31);
15. How information security risks related to the use of the cloud service can be addressed through proper logging and monitoring mechanisms; and
16. Inbound and outbound interfaces through which the cloud service can be accessed by other cloud services or IT systems of cloud service customers (cf. PI-01).
Designation Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source Requirement

3. Related Regulations

Regulations
Source Regulation