+IAM-03.01AC

1. Overview

IAM-03.01AC

The context of authentication attempts is monitored and suspicious events are, as relevant, flagged to authorised persons.

This criterion applies to identities that refer to single, multiple or non-human entities.

The context of an authentication attempt can, but does not have to, include IP addresses, the date and time, or the device used.

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html