+IAM-08.02AS

1. Overview

IAM-08.02AS

The cloud service provider enforces multi-factor authentication (MFA) for all access to any environment. This requirement applies to both human users and automated processes, ensuring that only authorised entities can access systems and data in all of the environments.

These environments include production, development, test and staging environments.

Summary	Standard

1.1 References

IAM-08.02B

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html