+BSI C3A - Criteria enabling Cloud Computing Autonomy
---+1 Introduction
------+1.1 Cloud Computing and digital sovereignty
------+1.2 EU Cloud Sovereignty Framework and BSI C5:2026 as the C3A foundation
------+1.3 Structure
------+1.4 Terms of Use
------+1.5 Definitions
---+2 Criteria, Additional Criteria and Supplementary Information
------+SOV-1 Strategic Sovereignty
---------+SOV-1-01 Jurisdiction
------------+SOV-1-01-C1
------------+SOV-1-01-C2
------------+SOV-1-01-SI
---------+SOV-1-02 Registered Office
------------+SOV-1-02-C1
------------+SOV-1-02-C2
------------+SOV-1-02-SI
---------+SOV-1-03 CSP Effective Control
------------+SOV-1-03-C1
------------+SOV-1-03-C2
------------+SOV-1-03-SI
---------+SOV-1-04 CSP Control Change
------------+SOV-1-04-C
------+SOV-2 Legal & Jurisdictional Sovereignty
---------+SOV-2-01 Extraterritorial Exposure
------------+SOV-2-01-C
---------+SOV-2-02 Audit Rights
------------+SOV-2-02-C1
------------+SOV-2-02-C2
------------+SOV-2-02-SI
---------+SOV-2-03 State of Defense Takeover
------------+SOV-2-03-C1
------------+SOV-2-03-C2
------------+SOV-2-03-SI
------+SOV-3 Data Sovereignty
---------+SOV-3-01 Data Residence
------------+SOV-3-01-C1
------------+SOV-3-01-C2
------------+SOV-3-01-C3
------------+SOV-3-01-C4
------------+SOV-3-01-C5
------------+SOV-3-01-SI
---------+SOV-3-02 External Key Management
------------+SOV-3-02-C
------------+SOV-3-02-AC
------------+SOV-3-02-SI
---------+SOV-3-03 External Identity Provider
------------+SOV-3-03-C
------------+SOV-3-03-AC1
------------+SOV-3-03-AC2
------------+SOV-3-03-AC3
---------+SOV-3-04 Logging and Monitoring
------------+SOV-3-04-C
------------+SOV-3-04-AC1
------------+SOV-3-04-AC2
---------+SOV-3-05 Client-Side Encryption
------------+SOV-3-05-C
------------+SOV-3-05-SI
------+SOV-4 Operational Sovereignty
---------+SOV-4-01 Operating Personnel
------------+SOV-4-01-C1
------------+SOV-4-01-C2
------------+SOV-4-01-C3
---------+SOV-4-02 Remote Work
------------+SOV-4-02-C1
------------+SOV-4-02-C2
---------+SOV-4-03 Redundant connectivity providers
------------+SOV-4-03-C
------------+SOV-4-03-AC
---------+SOV-4-04 SOC
------------+SOV-4-04-C1
------------+SOV-4-04-C2
---------+SOV-4-05 Ingress Data Control
------------+SOV-4-05-C
------------+SOV-4-05-AC1
------------+SOV-4-05-AC2
------------+SOV-4-05-SI
---------+SOV-4-06 Update threat analysis
------------+SOV-4-06-C
---------+SOV-4-07 Data exchange monitoring
------------+SOV-4-07-C
------------+SOV-4-07-SI
---------+SOV-4-08 Data exchange gateways
------------+SOV-4-08-C
------------+SOV-4-08-AC
------------+SOV-4-08-SI
---------+SOV-4-09 Disconnect
------------+SOV-4-09-C
------------+SOV-4-09-AC
------------+SOV-4-09-SI
---------+SOV-4-10 Reconnect
------------+SOV-4-10-C
------+SOV-5 Supply Chain Sovereignty
---------+SOV-5-01 Software Dependencies
------------+SOV-5-01-C
------------+SOV-5-01-AC
------------+SOV-5-01-SI
---------+SOV-5-02 Hardware Dependencies
------------+SOV-5-02-C
------------+SOV-5-02-AC
------------+SOV-5-02-SI
---------+SOV-5-03 External Service Dependencies
------------+SOV-5-03-C
------------+SOV-5-03-AC
------------+SOV-5-03-SI
---------+SOV-5-04 Export Restriction
------------+SOV-5-04-C
---------+SOV-5-05 Capacity Management
------------+SOV-5-05-C1
------------+SOV-5-05-C2
------+SOV-6 Technology Sovereignty
---------+SOV-6-01 Source Code Availability
------------+SOV-6-01-C
---------+SOV-6-02 Continuous Service Delivery
------------+SOV-6-02-C
------------+SOV-6-02-AC
---------+SOV-6-03 Software Development
------------+SOV-6-03-C

1. Übersicht

BSI C3A - Criteria enabling Cloud Computing Autonomy

Bundesamt für Sicherheit in der Informationstechnik

C3A - Criteria enabling Cloud Computing Autonomy

Published under Creative-Commons-License CC-BY-ND 4.0 International.

Bezeichnung	Standard
1 Introduction	1 Introduction
2 Criteria, Additional Criteria and Supplementary Information	2 Criteria, Additional Criteria and Supplementary Information

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

BSI C3A - Criteria enabling Cloud Computing Autonomy -
Copyright by Bundesamt für Sicherheit in der Informationstechnik

C3A - Criteria enabling Cloud Computing Autonomy

Published under Creative-Commons-License CC-BY-ND 4.0 International.