
1. Overview

PSS-05 Authentication Mechanisms

Designation Standard
PSS-05.01B The cloud service provided is equipped with authentication mechanisms that can force multi-factor authentication for users, IT components or applications within the cloud service customers' area of responsibility. These authentication mechanisms are set up at all access points that allow users, IT components or applications to interact with the cloud service.

IT components in the sense of this criterion are independently usable objects with external interfaces that can be connected with other IT components.

Access points in the sense of this criterion are those that can be accessed by users, IT components or applications via networks (for users, for example, the login screen on the publicly accessible website of the cloud service provider).

Multi-factor authentication should be enforced and can be performed with, for example, cryptographic certificates, smart cards or tokens.
PSS-05.02B For privileged users, IT components or applications under the responsibility of the cloud service customer, these authentication mechanisms can be enforced by the cloud service customer.

PSS-05.01AC The cloud service offers out-of-band (OOB) authentication, in which the factors are transmitted via different channels (e.g. Internet and mobile network).

PSS-05 Supplementary Information - Complementary Customer Criteria Cloud service customers ensure with suitable controls that the authentication mechanisms offered by the cloud service are used in accordance with the customer's identity and authorisation management requirements. If cloud service customers operate virtual machines or containers with the cloud service, they ensure with suitable controls that the authentication mechanisms cover container-specific scenarios, such as multi-factor authentication for container hosts and registry access.

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source Requirement

3. Related Regulations

Regulations
Source Regulation