+PSS-09 Authorisation Mechanisms
---+PSS-09.01B
---+PSS-09.02B
---+PSS-09.03B
---+PSS-09.01AC
---+PSS-09 Supplementary Information - Complementary Customer Criteria
|
1. Übersicht
PSS-09 Authorisation Mechanisms
-
| Bezeichnung |
Standard |
|
PSS-09.01B
|
Access to the functions provided by the cloud service is restricted by access controls (authorisation mechanisms) that verify whether users, IT components, or applications are authorised to perform certain actions.
|
|
PSS-09.02B
|
The cloud service provider validates the functionality of the authorisation mechanisms before new functions are made available to cloud service customers and in the event of changes to the authorisation mechanisms of existing functions (cf. DEV-07).
|
|
PSS-09.03B
|
If validation activities reveal vulnerabilities, the procedures for identifying vulnerabilities (cf. PSS-02) are applied and measures for timely remediation or mitigation are initiated.
|
|
PSS-09.01AC
|
Access controls are attribute-based to enable granular and contextual checks against multiple attributes of a user, IT component, or application (e.g., role, location, authentication method).
|
|
PSS-09 Supplementary Information - Complementary Customer Criteria
|
Cloud service customers ensure with suitable controls that system components under their responsibility are regularly checked for vulnerabilities and to mitigate these by appropriate measures.
|
1.1 Referenzen
1.2 Identifizierte Anforderungen
1.2 Related Regulation
2. Identifizierte Anforderungen
Anforderungen
| Source |
Anforderung |
3. Related Regulations
Regulations
| Source |
Regulierung |
|