+CRY-08 Supplementary Information - Complementary Customer Criteria

1. Overview

CRY-08 Supplementary Information - Complementary Customer Criteria

Cloud service customers ensure with suitable controls that, where they use certificate authority services provided by the cloud service provider, identity verification procedures appropriate to the certificates being issued are implemented and the technical controls provided by the cloud service are configured to enable and enforce identity verification. Cloud service customers ensure with suitable controls that, where they obtain certificates from external Certificate Authorities for their own use, procedures are established for selecting trusted Certificate Authorities and validating the authenticity of obtained certificates.

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html