Cloud Computing Compliance Criteria Catalogue (C5:2026)

Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/) 

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html 

Issues
Issue type Name Source
Standard C5:2026

C5:2026

Issues
Name Source
+ C5:2026
---+ Asset Management (AM)
------+ AM-01 Asset Management Framework
---------+ AM-01.01B
---------+ AM-01.01AC
---------+ AM-01.02AC
------+ AM-02 Asset Inventory
---------+ AM-02.01B
---------+ AM-02.02B
---------+ AM-02.03B
---------+ AM-02.04B
---------+ AM-02.05B
------+ AM-03 Hardware Asset Inventory
---------+ AM-03.01B
------+ AM-04 Software Asset Inventory
---------+ AM-04.01B
---------+ AM-04.01AC
------+ AM-05 Policy for the Proper and Secure Use of Assets
---------+ AM-05.01B
---------+ AM-05.02B
------+ AM-06 Commissioning of Hardware
---------+ AM-06.01B
---------+ AM-06.02B
------+ AM-07 Decommissioning of Hardware
---------+ AM-07.01B
---------+ AM-07.02B
---------+ AM-07.01AC
---------+ AM-07.01AS
------+ AM-08 Commitment to Proper Use, Safe and Secure Handling and Return of Assets
---------+ AM-08.01B
---------+ AM-08.02B
---------+ AM-08.03B
------+ AM-09 Asset Classification and Labelling
---------+ AM-09.01B
---------+ AM-09.02B
---------+ AM-09.03B
---------+ AM-09.04B
---------+ AM-09.01AC
---------+ AM-09.02AC
---------+ AM-09.03AC
---------+ AM-09.04AC
---------+ AM-09 Supplementary Information - Complementary Customer Criteria
------+ AM-10 Protection of Hardware on Hold
---------+ AM-10.01B
---------+ AM-10.01AS
------+ AM-11 Transfer of Hardware
---------+ AM-11.01B
---------+ AM-11.02B
---------+ AM-11.03B
------+ AM-12 Removable Media and Endpoint Devices
---------+ AM-12.01B
---------+ AM-12.01AC
---+ Business Continuity Management (BCM)
------+ BCM-01 Business Continuity and Emergency Management System
---------+ BCM-01.01B
---------+ BCM-01.02B
---------+ BCM-01.03B
---------+ BCM-01.04B
------+ BCM-02 Business Impact Analysis
---------+ BCM-02.01B
---------+ BCM-02.02B
---------+ BCM-02 Supplementary Information - Complementary Customer Criteria
------+ BCM-03 Business Continuity Plans
---------+ BCM-03.01B
---------+ BCM-03.02B
---------+ BCM-03 Supplementary Information - Complementary Customer Criteria
------+ BCM-04 Testing Business Continuity
---------+ BCM-04.01B
---------+ BCM-04.02B
---------+ BCM-04.01AC
---------+ BCM-04.02AC
---------+ BCM-04.03AC
---------+ BCM-04.04AC
---------+ BCM-04 Supplementary Information - Complementary Customer Criteria
---+ Compliance (COM)
------+ COM-01 Identification of Applicable Legal, Regulatory, Self-imposed or Contractual Requirements
---------+ COM-01.01B
---------+ COM-01.01AC
------+ COM-02 Policy for Planning and Conducting Audits
---------+ COM-02.01B
---------+ COM-02.02B
---------+ COM-02.01AC
---------+ COM-02.01AS
---------+ COM-02 Supplementary Information - Complementary Customer Criteria
------+ COM-03 Internal Audits of the Information Security Management System
---------+ COM-03.01B
---------+ COM-03.02B
---------+ COM-03.03B
---------+ COM-03.01AC
---------+ COM-03.02AC
---------+ COM-03.03AC
------+ COM-04 Information on Information Security Performance and Management Assessment of the ISMS
---------+ COM-04.01B
---------+ COM-04.01AC
---------+ COM-04.02AC
---+ Communication Security (COS)
------+ COS-01 Technical Safeguards
---------+ COS-01.01B
---------+ COS-01.02B
---------+ COS-01.03B
---------+ COS-01.01AC
---------+ COS-01 Supplementary Information - Complementary Customer Criteria
------+ COS-02 Security Requirements for Connections in the Cloud Service Provider's Network
---------+ COS-02.01B
------+ COS-03 Monitoring of Connections in the Cloud Service Provider's Network
---------+ COS-03.01B
---------+ COS-03.02B
---------+ COS-03.03B
---------+ COS-03.04B
---------+ COS-03.05B
---------+ COS-03 Supplementary Information - Complementary Customer Criteria
------+ COS-04 Cross-Network Access
---------+ COS-04.01B
---------+ COS-04.02B
---------+ COS-04.01AS
---------+ COS-04 Supplementary Information - Complementary Customer Criteria
------+ COS-05 Networks for Administration
---------+ COS-05.01B
---------+ COS-05.02B
---------+ COS-05.01AC
------+ COS-06 Separation of Data Traffic in Jointly Used Network Environments
---------+ COS-06.01B
---------+ COS-06.01AC
---------+ COS-06 Supplementary Information - Complementary Customer Criteria
------+ COS-07 Documentation of the Network Topology
---------+ COS-07.01B
---------+ COS-07.02B
---------+ COS-07.03B
---------+ COS-07.04B
------+ COS-08 Policies for Data Transmission
---------+ COS-08.01B
---------+ COS-08.02B
---------+ COS-08 Supplementary Information - Complementary Customer Criteria
---+ Cryptography and Key Management (CRY)
------+ CRY-01 Policy for the Use of Cryptographic Mechanisms
---------+ CRY-01.01B
---------+ CRY-01.02B
---------+ CRY-01.01AC
---------+ CRY-01.02AC
---------+ CRY-01.03AC
------+ CRY-02 Cryptographic Change Management
---------+ CRY-02.01B
---------+ CRY-02.02B
---------+ CRY-02.03B
---------+ CRY-02 Supplementary Information - Complementary Customer Criteria
------+ CRY-03 Review of Cryptography Practices
---------+ CRY-03.01B
---------+ CRY-03.02B
------+ CRY-04 Protection of Data for Transmission (Transport Protection)
---------+ CRY-04.01B
---------+ CRY-04.02B
---------+ CRY-04.01AS
---------+ CRY-04 Supplementary Information - Complementary Customer Criteria
------+ CRY-05 Encryption of Sensitive Data at Rest
---------+ CRY-05.01B
---------+ CRY-05.02B
---------+ CRY-05.03B
---------+ CRY-05.04B
---------+ CRY-05.05B
---------+ CRY-05.01AC
---------+ CRY-05 Supplementary Information - Complementary Customer Criteria
------+ CRY-06 Secure Key Generation
---------+ CRY-06.01B
------+ CRY-07 Rotation of Cryptographic Keys
---------+ CRY-07.01B
------+ CRY-08 Public-Key Certificate Issuance
---------+ CRY-08.01B
---------+ CRY-08 Supplementary Information - Complementary Customer Criteria
------+ CRY-09 Secure Key Provisioning
---------+ CRY-09.01B
---------+ CRY-09.02B
------+ CRY-10 Secure Storage of Keys
---------+ CRY-10.01B
---------+ CRY-10.01AC
------+ CRY-11 Cryptographic Key Archival
---------+ CRY-11.01B
------+ CRY-12 Cryptographic Key Transition Management
---------+ CRY-12.01B
------+ CRY-13 Handling of Compromised Keys
---------+ CRY-13.01B
---------+ CRY-13.02B
------+ CRY-14 Secure Deactivation of Cryptographic Keys
---------+ CRY-14.01B
------+ CRY-15 Requirements for Pre-Shared Keys
---------+ CRY-15.01B
------+ CRY-16 Operational Continuity for Key Management
---------+ CRY-16.01B
---------+ CRY-16.02B
------+ CRY-17 Cryptographic Key Lifecycle Management
---------+ CRY-17.01B
---------+ CRY-17.02B
------+ CRY-18 Usage of External Key Management Systems
---------+ CRY-18.01B
---------+ CRY-18 Supplementary Information - Complementary Customer Criteria
------+ CRY-19 Secure Handling of Customer Managed Keys
---------+ CRY-19.01B
---------+ CRY-19 Supplementary Information - Complementary Customer Criteria
---+ Procurement, Development and Modification of Information Systems (DEV)
------+ DEV-01 Policies for the Development/Procurement of System Components
---------+ DEV-01.01B
---------+ DEV-01.02B
---------+ DEV-01.03B
---------+ DEV-01.01AC
------+ DEV-02 Outsourcing of the Development
---------+ DEV-02.01B
---------+ DEV-02.02B
---------+ DEV-02.01AC
---------+ DEV-02.02AC
------+ DEV-03 Policies for Changes to System Components
---------+ DEV-03.01B
------+ DEV-04 Safety Training and Awareness Programme Regarding Continuous Software Delivery and Associated Systems, Components or Tools
---------+ DEV-04.01B
---------+ DEV-04.02B
------+ DEV-05 Design Documentation for Security Features
---------+ DEV-05.01B
------+ DEV-06 Risk Assessment, Categorisation and Prioritisation of Changes
---------+ DEV-06.01B
---------+ DEV-06.02B
---------+ DEV-06.01AC
------+ DEV-07 Testing Changes
---------+ DEV-07.01B
---------+ DEV-07.02B
---------+ DEV-07.03B
---------+ DEV-07.04B
---------+ DEV-07.05B
---------+ DEV-07.01AC
---------+ DEV-07 Supplementary Information - Complementary Customer Criteria
------+ DEV-08 Logging of Changes
---------+ DEV-08.01B
---------+ DEV-08.02B
---------+ DEV-08.01AC
------+ DEV-09 Version Control
---------+ DEV-09.01B
---------+ DEV-09.02B
---------+ DEV-09.03B
---------+ DEV-09.01AC
---------+ DEV-09.02AC
------+ DEV-10 Approvals for Provision in the Production Environment
---------+ DEV-10.01B
---------+ DEV-10.02B
---------+ DEV-10.01AC
---------+ DEV-10 Supplementary Information - Complementary Customer Criteria
------+ DEV-11 Protection of Development and Test Environments
---------+ DEV-11.01B
------+ DEV-12 Separation of Environments
---------+ DEV-12.01B
---------+ DEV-12.02B
------+ DEV-13 Transparency about Software Components
---------+ DEV-13.01B
---------+ DEV-13.02B
------+ DEV-14 Secure Use of Third Party Hardware and Software
---------+ DEV-14.01B
---------+ DEV-14.02B
---------+ DEV-14.03B
---------+ DEV-14.01AC
------+ DEV-15 Exceptions to the Change Management Process
---------+ DEV-15.01B
---+ Information on the General Conditions of the Cloud Service
------+ GC-01 Information on applicable law, jurisdiction, countries, partitions, regions, zones and locations
------+ GC-02 Information on availability and incident handling during regular operation
------+ GC-03 Information on recovery parameters in emergency operation
------+ GC-04 Information on the approach to ensuring service availability
------+ GC-05 Information on how investigation requests from government agencies are handled
------+ GC-06 Information on certifications or attestations
---+ Personnel (HR)
------+ HR-01 Verification of Qualification and Trustworthiness
---------+ HR-01.01B
---------+ HR-01.02B
---------+ HR-01.03B
---------+ HR-01.04B
---------+ HR-01.05B
---------+ HR-01.06B
---------+ HR-01.01AC
------+ HR-02 Employment Terms and Conditions
---------+ HR-02.01B
---------+ HR-02.02B
---------+ HR-02.03B
---------+ HR-02.04B
---------+ HR-02.05B
------+ HR-03 Security Training and Awareness Programme
---------+ HR-03.01B
---------+ HR-03.02B
---------+ HR-03.03B
---------+ HR-03.04B
---------+ HR-03.01AC
---------+ HR-03.02AC
---------+ HR-03.03AC
---------+ HR-03.04AC
---------+ HR-03.05AC
---------+ HR-03.02AS
------+ HR-04 Disciplinary Measures
---------+ HR-04.01B
---------+ HR-04.02B
---------+ HR-04.03B
---------+ HR-04.04B
------+ HR-05 Responsibilities in the Event of Termination or Change of Employment
---------+ HR-05.01B
------+ HR-06 Non-disclosure Agreements
---------+ HR-06.01B
---------+ HR-06.02B
---------+ HR-06.03B
---------+ HR-06.04B
---------+ HR-06.05B
---------+ HR-06.06B
------+ HR-07 Remote Working - Policy
---------+ HR-07.01B
------+ HR-08 Remote Working - Implementation
---------+ HR-08.01B
---+ Identity and Access Management (IAM)
------+ IAM-01 Policy for Identities and Access Rights
---------+ IAM-01.01B
---------+ IAM-01.02B
---------+ IAM-01.03B
---------+ IAM-01.01AC
------+ IAM-02 Granting and Change of Identities and Access Rights
---------+ IAM-02.01B
---------+ IAM-02.02B
---------+ IAM-02.03B
------+ IAM-03 Risk-Based Procedure for Locking and Withdrawal of Identities
---------+ IAM-03.01B
---------+ IAM-03.02B
---------+ IAM-03.03B
---------+ IAM-03.04B
---------+ IAM-03.01AC
---------+ IAM-03.02AC
---------+ IAM-03.03AC
---------+ IAM-03.03AS
------+ IAM-04 Withdrawal or Adjustment of Access Rights as the Task Area Changes
---------+ IAM-04.01B
---------+ IAM-04.02B
---------+ IAM-04.03B
---------+ IAM-04.04B
---------+ IAM-04.05B
------+ IAM-05 Regular Review of Access Rights
---------+ IAM-05.01B
---------+ IAM-05.02B
---------+ IAM-05.03B
---------+ IAM-05.04B
---------+ IAM-05.05B
---------+ IAM-05.01AC
------+ IAM-06 Privileged Access Rights
---------+ IAM-06.01B
---------+ IAM-06.02B
---------+ IAM-06.03B
---------+ IAM-06.04B
---------+ IAM-06.05B
---------+ IAM-06.06B
---------+ IAM-06.07B
---------+ IAM-06.08B
---------+ IAM-06.09B
---------+ IAM-06.01AC
---------+ IAM-06.02AC
---------+ IAM-06.03AC
---------+ IAM-06.04AC
------+ IAM-07 Access to Cloud Service Customer Data
---------+ IAM-07.01B
---------+ IAM-07.02B
---------+ IAM-07.03B
---------+ IAM-07.04B
---------+ IAM-07.05B
---------+ IAM-07.06B
---------+ IAM-07.01AC
---------+ IAM-07.02AC
---------+ IAM-07.03AC
---------+ IAM-07.04AC
---------+ IAM-07.03AS
---------+ IAM-07.04AS
---------+ IAM-07.06AS
---------+ IAM-07 Supplementary Information - Complementary Customer Criteria
------+ IAM-08 Authentication Mechanisms
---------+ IAM-08.01B
---------+ IAM-08.02B
---------+ IAM-08.03B
---------+ IAM-08.04B
---------+ IAM-08.05B
---------+ IAM-08.06B
---------+ IAM-08.07B
---------+ IAM-08.02AS
---------+ IAM-08.03AS
------+ IAM-09 Confidentiality of Authentication Information
---------+ IAM-09.01B
---------+ IAM-09.02B
---------+ IAM-09.03B
---------+ IAM-09.04B
---------+ IAM-09.05B
---------+ IAM-09.06B
---------+ IAM-09.07B
---------+ IAM-09.01AC
---+ Dealing with Investigation Requests from Government Agencies (INQ)
------+ INQ-01 Legal Assessment of Investigation Requests
---------+ INQ-01.01B
---------+ INQ-01.02B
---------+ INQ-01 Supplementary Information - Complementary Customer Criteria
------+ INQ-02 Informing Cloud Service Customers about Investigation Requests
---------+ INQ-02.01B
---------+ INQ-02 Supplementary Information - Complementary Customer Criteria
------+ INQ-03 Limiting Access to or Disclosure of Data in Investigation Requests
---------+ INQ-03.01B
---------+ INQ-03.02B
---------+ INQ-03.01AC
---------+ INQ-03.02AC
------+ INQ-04 Communication of Technical Procedures for Data Disclosure in Investigation Requests
---------+ INQ-04.01B
---------+ INQ-04.02B
---------+ INQ-04.03B
---------+ INQ-04 Supplementary Information - Complementary Customer Criteria
---+ Organisation of Information Security (OIS)
------+ OIS-01 Information Security Management System (ISMS)
---------+ OIS-01.01B
---------+ OIS-01.02B
---------+ OIS-01.03B
---------+ OIS-01.01AC
---------+ OIS-01.01AS
------+ OIS-02 Information Security Policy
---------+ OIS-02.01B
---------+ OIS-02.02B
---------+ OIS-02.03B
------+ OIS-03 Interfaces and Dependencies
---------+ OIS-03.01B
---------+ OIS-03.02B
---------+ OIS-03.03B
---------+ OIS-03.04B
---------+ OIS-03.05B
---------+ OIS-03 Supplementary Information - Complementary Customer Criteria
------+ OIS-04 Segregation of Duties
---------+ OIS-04.01B
---------+ OIS-04.02B
---------+ OIS-04.03B
---------+ OIS-04.04B
---------+ OIS-04.01AC
---------+ OIS-04.02AC
------+ OIS-05 Threat Intelligence
---------+ OIS-05.01B
---------+ OIS-05.02B
---------+ OIS-05.03B
------+ OIS-06 Contact with Relevant Government Agencies and Interest Groups
---------+ OIS-06.01B
------+ OIS-07 Risk Management Policy
---------+ OIS-07.01B
------+ OIS-08 Application of the Risk Management Policy - Risk Assessment
---------+ OIS-08.01B
---------+ OIS-08.02B
---------+ OIS-08.03B
---------+ OIS-08.04B
---------+ OIS-08.05B
---------+ OIS-08.06B
---------+ OIS-08.01AC
---------+ OIS-08.02AC
---------+ OIS-08.01AS
------+ OIS-09 Application of the Risk Management Policy - Risk Treatment
---------+ OIS-09.01B
---------+ OIS-09.02B
---------+ OIS-09.03B
---------+ OIS-09.04B
---------+ OIS-09.05B
---------+ OIS-09.06B
---------+ OIS-09.07B
------+ OIS-10 Information Security in Project Management
---------+ OIS-10.01B
---+ Operations (OPS)
------+ OPS-01 Capacity Management - Planning
---------+ OPS-01.01B
---------+ OPS-01.02B
---------+ OPS-01.03B
---------+ OPS-01.01AC
---------+ OPS-01 Supplementary Information - Complementary Customer Criteria
------+ OPS-02 Capacity Management - Monitoring
---------+ OPS-02.01B
---------+ OPS-02.02B
---------+ OPS-02.01AC
---------+ OPS-02 Supplementary Information - Complementary Customer Criteria
------+ OPS-03 Capacity Management - Controlling of Resources
---------+ OPS-03.01B
---------+ OPS-03.02B
---------+ OPS-03 Supplementary Information - Complementary Customer Criteria
------+ OPS-04 Protection Against Malware - Policies and Procedures
---------+ OPS-04.01B
------+ OPS-05 Protection Against Malware - Implementation
---------+ OPS-05.01B
---------+ OPS-05.02B
---------+ OPS-05.03B
---------+ OPS-05.01AC
---------+ OPS-05.02AC
---------+ OPS-05.03AC
---------+ OPS-05.02AS
---------+ OPS-05 Supplementary Information - Complementary Customer Criteria
------+ OPS-06 Data Backup and Recovery - Policies and Procedures
---------+ OPS-06.01B
---------+ OPS-06.01AS
---------+ OPS-06 Supplementary Information - Complementary Customer Criteria
------+ OPS-07 Data Backup and Recovery - Monitoring
---------+ OPS-07.01B
---------+ OPS-07.02B
---------+ OPS-07.01AC
---------+ OPS-07 Supplementary Information - Complementary Customer Criteria
------+ OPS-08 Data Backup and Recovery - Regular Testing
---------+ OPS-08.01B
---------+ OPS-08.02B
---------+ OPS-08.03B
---------+ OPS-08.04B
---------+ OPS-08.05B
---------+ OPS-08.01AC
---------+ OPS-08.02AC
---------+ OPS-08 Supplementary Information - Complementary Customer Criteria
------+ OPS-09 Data Backup and Recovery - Storage
---------+ OPS-09.01B
---------+ OPS-09.02B
---------+ OPS-09.03B
---------+ OPS-09.04B
---------+ OPS-09.05B
------+ OPS-10 Logging and Monitoring - Policies and Procedures
---------+ OPS-10.01B
---------+ OPS-10 Supplementary Information - Complementary Customer Criteria
------+ OPS-11 Logging and Monitoring - Policies and Procedures for Handling Cloud Service Derived Data and Account Data
---------+ OPS-11.01B
---------+ OPS-11.02B
---------+ OPS-11.01AC
---------+ OPS-11.02AC
---------+ OPS-11 Supplementary Information - Complementary Customer Criteria
------+ OPS-12 Logging and Monitoring - Access, Retention and Deletion
---------+ OPS-12.01B
------+ OPS-13 Logging and Monitoring - Security Information and Event Management
---------+ OPS-13.01B
---------+ OPS-13.02B
---------+ OPS-13.01AC
---------+ OPS-13.02AC
---------+ OPS-13.03AC
------+ OPS-14 Logging and Monitoring - Retention of the Logging Data
---------+ OPS-14.01B
---------+ OPS-14.02B
---------+ OPS-14.03B
---------+ OPS-14 Supplementary Information - Complementary Customer Criteria
------+ OPS-15 Logging and Monitoring - Accountability
---------+ OPS-15.01B
---------+ OPS-15.02B
---------+ OPS-15.03B
---------+ OPS-15.01AC
---------+ OPS-15.02AC
---------+ OPS-15 Supplementary Information - Complementary Customer Criteria
------+ OPS-16 Logging and Monitoring - Configuration
---------+ OPS-16.01B
---------+ OPS-16.02B
------+ OPS-17 Logging and Monitoring - Availability of the Monitoring Software
---------+ OPS-17.01B
---------+ OPS-17.02B
---------+ OPS-17.01AC
---------+ OPS-17.02AC
------+ OPS-18 Managing Vulnerabilities - Policies and Procedures
---------+ OPS-18.01B
---------+ OPS-18.02B
---------+ OPS-18.03B
---------+ OPS-18.04B
---------+ OPS-18.05B
---------+ OPS-18 Supplementary Information - Complementary Customer Criteria
------+ OPS-19 Managing Incidents and Crashes - Policies and Procedures
---------+ OPS-19.01B
------+ OPS-20 Managing Incidents - Implementation
---------+ OPS-20.01B
------+ OPS-21 Managing Crashes - Implementation
---------+ OPS-21.01B
------+ OPS-22 Managing Vulnerabilities, Incidents and Crashes - Penetration Tests
---------+ OPS-22.01B
---------+ OPS-22.02B
---------+ OPS-22.03B
---------+ OPS-22.04B
---------+ OPS-22.05B
---------+ OPS-22.06B
---------+ OPS-22.07B
---------+ OPS-22.08B
---------+ OPS-22.01AC
---------+ OPS-22.02AC
---------+ OPS-22.03AC
---------+ OPS-22.04AC
---------+ OPS-22.05AC
---------+ OPS-22.01AS
---------+ OPS-22.02AS
---------+ OPS-22.03AS
------+ OPS-23 Managing Vulnerabilities, Incidents and Crashes - Measurements, Analyses and Assessments of Procedures
---------+ OPS-23.01B
---------+ OPS-23.02B
------+ OPS-24 Involvement of Cloud Service Customers in the Event of Incidents
---------+ OPS-24.01B
---------+ OPS-24.02B
---------+ OPS-24.01AC
---------+ OPS-24 Supplementary Information - Complementary Customer Criteria
------+ OPS-25 Managing Vulnerabilities, Incidents and Crashes - Vulnerability Scans
---------+ OPS-25.01B
---------+ OPS-25.02B
---------+ OPS-25.03B
---------+ OPS-25.04B
---------+ OPS-25.01AC
---------+ OPS-25.01AS
---------+ OPS-25.02AS
---------+ OPS-25 Supplementary Information - Complementary Customer Criteria
------+ OPS-26 Managing Vulnerabilities, Incidents and Crashes - System Hardening
---------+ OPS-26.01B
---------+ OPS-26.02B
---------+ OPS-26.03B
---------+ OPS-26.04B
---------+ OPS-26.05B
---------+ OPS-26.06B
---------+ OPS-26.05AS
---------+ OPS-26 Supplementary Information - Complementary Customer Criteria
------+ OPS-27 Managing Vulnerabilities - Patch Management Policies and Procedures
---------+ OPS-27.01B
---------+ OPS-27.02B
---------+ OPS-27.03B
---------+ OPS-27.04B
---------+ OPS-27.03AS
------+ OPS-28 Managing Vulnerabilities - Patch Management Implementation
---------+ OPS-28.01B
------+ OPS-29 Managing Vulnerabilities, Incidents and Crashes - Externally Sourced Components
---------+ OPS-29.01B
------+ OPS-30 Separation of Datasets - Policies and Procedures
---------+ OPS-30.01B
------+ OPS-31 Separation of Datasets - Implementation
---------+ OPS-31.01B
---------+ OPS-31.02B
---------+ OPS-31.03B
---------+ OPS-31 Supplementary Information - Complementary Customer Criteria
------+ OPS-32 Confidential Computing - Policies and Procedures
---------+ OPS-32.01B
---------+ OPS-32.02B
---------+ OPS-32.03B
---------+ OPS-32.01AC
------+ OPS-33 Confidential Computing - Remote Attestation
---------+ OPS-33.01B
---------+ OPS-33.02B
---------+ OPS-33.03B
---------+ OPS-33.01AC
---------+ OPS-33.02AC
------+ OPS-34 Container Management - Policies and Procedures
---------+ OPS-34.01B
---------+ OPS-34.02B
---------+ OPS-34.01AC
------+ OPS-35 Container Management - Implementation
---------+ OPS-35.01B
---+ Portability and Interoperability (PI)
------+ PI-01 Safety of Input and Output Interfaces
---------+ PI-01.01B
---------+ PI-01.02B
---------+ PI-01.01AC
---------+ PI-01.02AC
---------+ PI-01.03AC
---------+ PI-01 Supplementary Information - Complementary Customer Criteria
------+ PI-02 Contractual Agreements for the Provision of Data
---------+ PI-02.01B
---------+ PI-02.01AC
---------+ PI-02.02AC
---------+ PI-02 Supplementary Information - Complementary Customer Criteria
------+ PI-03 Secure Deletion of Data
---------+ PI-03.01B
---------+ PI-03.02B
---------+ PI-03.03B
---------+ PI-03 Supplementary Information - Complementary Customer Criteria
---+ Physical Security (PS)
------+ PS-01 Physical Security and Environmental Control Requirements
---------+ PS-01.01B
---------+ PS-01.02B
---------+ PS-01.03B
---------+ PS-01.04B
---------+ PS-01.05B
---------+ PS-01.06B
---------+ PS-01.01AC
---------+ PS-01.02AC
---------+ PS-01.03AC
---------+ PS-01.04AC
---------+ PS-01.05AC
------+ PS-02 Redundancy Model
---------+ PS-02.01B
---------+ PS-02.02B
---------+ PS-02.03B
---------+ PS-02.01AS
---------+ PS-02.02AS
---------+ PS-02 Supplementary Information - Complementary Customer Criteria
------+ PS-03 Perimeter Protection
---------+ PS-03.01B
---------+ PS-03.02B
---------+ PS-03.03B
---------+ PS-03.04B
---------+ PS-03.05B
---------+ PS-03.06B
---------+ PS-03.01AC
------+ PS-04 Physical Site Access Control
---------+ PS-04.01B
---------+ PS-04.02B
---------+ PS-04.03B
------+ PS-05 Protection against Threats from Outside and from the Environment
---------+ PS-05.01B
---------+ PS-05.02B
---------+ PS-05.03B
---------+ PS-05.04B
------+ PS-06 Protection against Interruptions caused by Power Failures and similar Risks to Supply Facilities
---------+ PS-06.01B
---------+ PS-06.02B
---------+ PS-06.03B
---------+ PS-06.01AC
---------+ PS-06.02AC
---------+ PS-06.03AC
---------+ PS-06.04AC
------+ PS-07 Surveillance of Operational and Environmental Parameters
---------+ PS-07.01B
---------+ PS-07.02B
------+ PS-08 Workplace Security Requirements
---------+ PS-08.01B
---+ Product Safety and Security (PSS)
------+ PSS-01 Guidelines and Recommendations for Cloud Service Customers
---------+ PSS-01.01B
---------+ PSS-01.02B
---------+ PSS-01.03B
---------+ PSS-01.04B
---------+ PSS-01.01AC
---------+ PSS-01 Supplementary Information - Complementary Customer Criteria
------+ PSS-02 Identification of Vulnerabilities of the Cloud Service
---------+ PSS-02.01B
---------+ PSS-02.02B
---------+ PSS-02.03B
---------+ PSS-02.01AC
------+ PSS-03 Informing Customers about Known Vulnerabilities
---------+ PSS-03.01B
---------+ PSS-03.02B
---------+ PSS-03.03B
---------+ PSS-03.04B
---------+ PSS-03.05B
---------+ PSS-03.01AC
---------+ PSS-03.02AC
---------+ PSS-03 Supplementary Information - Complementary Customer Criteria
------+ PSS-04 Error handling and Logging Mechanisms
---------+ PSS-04.01B
---------+ PSS-04.02B
---------+ PSS-04.03B
---------+ PSS-04.04B
---------+ PSS-04.05B
---------+ PSS-04.06B
---------+ PSS-04.01AC
---------+ PSS-04 Supplementary Information - Complementary Customer Criteria
------+ PSS-05 Authentication Mechanisms
---------+ PSS-05.01B
---------+ PSS-05.02B
---------+ PSS-05.01AC
---------+ PSS-05 Supplementary Information - Complementary Customer Criteria
------+ PSS-06 Session Management
---------+ PSS-06.01B
---------+ PSS-06.02B
---------+ PSS-06 Supplementary Information - Complementary Customer Criteria
------+ PSS-07 Confidentiality of Authentication Information
---------+ PSS-07.01B
---------+ PSS-07.02B
---------+ PSS-07.03B
---------+ PSS-07 Supplementary Information - Complementary Customer Criteria
------+ PSS-08 Roles and Rights Framework
---------+ PSS-08.01B
---------+ PSS-08.02B
---------+ PSS-08.03B
---------+ PSS-08.04B
---------+ PSS-08 Supplementary Information - Complementary Customer Criteria
------+ PSS-09 Authorisation Mechanisms
---------+ PSS-09.01B
---------+ PSS-09.02B
---------+ PSS-09.03B
---------+ PSS-09.01AC
---------+ PSS-09 Supplementary Information - Complementary Customer Criteria
------+ PSS-10 Software Defined Networking
---------+ PSS-10.01B
---------+ PSS-10.02B
---------+ PSS-10 Supplementary Information - Complementary Customer Criteria
------+ PSS-11 Images for Virtual Machines and Containers
---------+ PSS-11.01B
---------+ PSS-11.01AC
---------+ PSS-11.02AC
---------+ PSS-11 Supplementary Information - Complementary Customer Criteria
------+ PSS-12 Region of Data Processing and Storage
---------+ PSS-12.01B
---------+ PSS-12.02B
---------+ PSS-12.03B
---------+ PSS-12.04B
---------+ PSS-12.01AC
---------+ PSS-12.02AC
---------+ PSS-12.01AS
---------+ PSS-12.02AS
---------+ PSS-12 Supplementary Information - Complementary Customer Criteria
---+ Security Incident Management (SIM)
------+ SIM-01 Policy for Security Incident Management
---------+ SIM-01.01B
---------+ SIM-01.02B
---------+ SIM-01.03B
---------+ SIM-01.04B
---------+ SIM-01 Supplementary Information - Complementary Customer Criteria
------+ SIM-02 Security Incident Response Plans
---------+ SIM-02.01B
---------+ SIM-02.02B
------+ SIM-03 Processing of Security Incidents
---------+ SIM-03.01B
---------+ SIM-03.02B
---------+ SIM-03.03B
---------+ SIM-03.04B
---------+ SIM-03.05B
---------+ SIM-03.06B
---------+ SIM-03.07B
---------+ SIM-03.01AC
---------+ SIM-03.02AC
---------+ SIM-03.03AC
------+ SIM-04 Documentation and Reporting of Security Incidents
---------+ SIM-04.01B
---------+ SIM-04.02B
---------+ SIM-04.01AC
---------+ SIM-04.02AC
---------+ SIM-04 Supplementary Information - Complementary Customer Criteria
------+ SIM-05 Duty of the Personnel to Report Security Incidents to a Central Body
---------+ SIM-05.01B
---------+ SIM-05.02B
---------+ SIM-05.03B
---------+ SIM-05 Supplementary Information - Complementary Customer Criteria
------+ SIM-06 Evaluation and Learning Process
---------+ SIM-06.01B
---------+ SIM-06.02B
---------+ SIM-06.03B
---------+ SIM-06.04B
---------+ SIM-06 Supplementary Information - Complementary Customer Criteria
---+ Security Policies and Procedures (SP)
------+ SP-01 Documentation, Communication and Provision of Policies and Procedures
---------+ SP-01.01B
---------+ SP-01.02B
---------+ SP-01.03B
---------+ SP-01.04B
------+ SP-02 Review and Approval of Policies and Procedures
---------+ SP-02.01B
---------+ SP-02.02B
------+ SP-03 Exceptions from Existing Policies and Procedures
---------+ SP-03.01B
---------+ SP-03.02B
---------+ SP-03.03B
---------+ SP-03.04B
---------+ SP-03.05B
---------+ SP-03.01AC
---------+ SP-03.02AC
---------+ SP-03.03AC
---------+ SP-03 Supplementary Information - Complementary Customer Criteria
---+ Control and Monitoring of Service Providers and Suppliers (SSO)
------+ SSO-01 Policies and Procedures for Controlling and Monitoring Service Organisations
---------+ SSO-01.01B
---------+ SSO-01.01AC
---------+ SSO-01.02AC
------+ SSO-02 Risk Assessment of Service Organisations
---------+ SSO-02.01B
---------+ SSO-02.02B
------+ SSO-03 Data Processing of Service Organisations
---------+ SSO-03.01B
---------+ SSO-03.02B
---------+ SSO-03.01AS
------+ SSO-04 Directory of Service Organisations
---------+ SSO-04.01B
---------+ SSO-04.02B
------+ SSO-05 Monitoring of Compliance with Requirements
---------+ SSO-05.01B
---------+ SSO-05.02B
---------+ SSO-05.03B
---------+ SSO-05.04B
---------+ SSO-05.05B
---------+ SSO-05.06B
---------+ SSO-05.07B
---------+ SSO-05.01AC
---------+ SSO-05.02AC
---------+ SSO-05.03AC
---------+ SSO-05 Supplementary Information - Complementary Customer Criteria
------+ SSO-06 Contract Termination Strategy for Service Organisations
---------+ SSO-06.01B
---------+ SSO-06.02B
------+ SSO-07 Ensuring Transparency within Service Organisations
---------+ SSO-07.01B
---------+ SSO-07.02B
---------+ SSO-07.01AS
------+ SSO-08 Controlling Exchanges with Suppliers of Functional Components
---------+ SSO-08.01B
---------+ SSO-08.02B
---------+ SSO-08.03B
