PSS-12.02AC

1. Overview

PSS-12.02AC

Within these partitions, the following operations by the cloud service provider are restricted to occur only within the geographical boundaries of the customer-selected partitions:

1. Privileged access to the production environment by the cloud service provider, including potential access to cloud service customer data and cloud service derived data;
2. System logging and event monitoring by the cloud service provider, except for processing event logs specifically for threat intelligence and handling IP addresses for routing purposes; and
3. Cryptographic key management and storage practices, to ensure that keys are handled and stored within the limits of the partition.

These restrictions concerning partitions also apply to any service organisations involved in the operation of the cloud service.

This criterion supplements the General Condition GC-01. It does not require the cloud service provider to offer multiple regions or partitions. If the cloud service provider offers only one partition for the cloud service(s) in scope, this does not constitute a deviation from the criterion.

If this additional complementary criterion is only applicable to selected partitions in the scope of an assurance engagement in accordance with this catalogue, this should be presented in the cloud service provider's description of its system of internal control for the cloud service.

This criterion is a prerequisite for technical service sovereignty. Monitoring of threat intelligence data, which excludes any cloud service customer data and account data, and logging of required routing information such as IP addresses are not required to be geographically limited to a single partition.
1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

3. Related Regulations