1. Overview
PSS-06 Session Management
| Designation | Standard |
| PSS-06.01B | To protect confidentiality, availability, integrity and authenticity during interactions with the cloud service, a suitable session management system is used that corresponds to the established rules of technology and is protected against known attacks. Known attacks include manipulation, forgery, session takeover, Denial of Service attacks, enveloping, replay and null cipher attacks. |
| PSS-06.02B | Mechanisms are implemented that invalidate a session after it has been detected as inactive. The inactivity can be detected by time measurement. In this case, the time interval can be configured by the cloud service provider or - if technically possible - by the cloud service customer. |
| PSS-06 Supplementary Information - Complementary Customer Criteria | Cloud service customers can use appropriate controls to ensure that they are using the session management protection features of the cloud service in accordance with their own ISMS. They also set the time period after which a session becomes invalid according to their own ISMS specifications. |
1.1 References
1.2 Identified Requirements
1.2 Related Regulation
2. Identified Requirements
Requirements
| Source | Requirement |
3. Related Regulations
Regulations
| Source | Regulation |