+OPS-04.01B

1. Overview

OPS-04.01B

Policies and procedures with specifications for protection against malware are documented, communicated, and provided in accordance with SP-01 with respect to the following aspects:

1. Use of system-specific protection mechanisms;
2. Operating protection programmes on system components under the responsibility of the cloud service provider;
3. Operation of protection programmes for personnel's terminal equipment; and
4. Operation of protection programmes on flows coming in over cloud service provider end-devices, as well as all other incoming flows.

Protection programmes for personnel devices can be, for example, server-based protection programmes that scan files in attachments on the server or filter network traffic.

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html