+1.5 Definitions

1. Overview

1.5 Definitions

In the following, definitions are provided for key terms used in this document. The definitions are derived from the BSI’s IT-Grundschutz-Kompendium and the international standard ISO/IEC 22123:2023 (Information Technology - Cloud Computing - Part 1: Vocabulary): **Account data ** Class of data specific to each cloud service customer that is required to administer the cloud service. Account data (e.g. payment information, contact information, etc.) is typically generated when a cloud service is purchased and is under the control of the cloud service provider. **Authenticity ** Feature of information in which changes can be uniquely assigned to an originator. **Availability ** The accessibility of information, services, and functions of an IT system, IT applications or IT networks as intended. **Cloud computing ** Paradigm for enabling network access to a scalable and elastic pool of shared physical or virtual resources with self-service provisioning and administration on-demand. Examples of resources include servers, operating systems, networks, software, applications, and storage equipment. Self-service provisioning refers to the provisioning of resources provided to cloud services performed by cloud service customers through automated means. The acronym cloud is synonymous with cloud computing and will also be used in the C3A. **Cloud service ** Information technology service offered via cloud computing. This includes infrastructure (e.g. computing power, storage space), platforms and software. **Cloud service provider ** Natural or legal person providing a cloud service. **Cloud service customer ** Natural or legal person who has a business relationship with the cloud service provider for the purpose of using the cloud service. **Cloud service customer data ** Class of data objects under the control, by legal or other reasons, of the cloud service customer that were input to the cloud service (including credentials to control access to information or other resources), or resulted from using the functionalities of the cloud service by or on behalf of the cloud service customer via the published interface of the cloud service. **Cloud service derived data ** Class of data objects under cloud service provider control that are derived as a result of interaction with the cloud service by the cloud service customer. Cloud service derived data includes the portion of log data containing records of who used the service, at what times, which functions, types of data involved and so on. It can also include information about the numbers of authorized users and their identities. It can also include any configuration or customization data, where the cloud service has such configuration and customization functionalities. **Cloud service provider data ** Class of data objects, specific to the operation of the cloud service, under the control of the cloud service provider. Cloud service provider data includes but is not limited to configuration and utilization information of system components, storage and network resource allocations, physical and virtual resource failure rates, operational costs and so on. **Confidentiality ** The ability of information to be made available or disclosed only to authorized persons, entities and processes in a permissible manner. **Integrity ** The ability of information to be complete, accurate (correct, undamaged) and protected from manipulation and unintentional or erroneous alteration.

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements

3. Related Regulations

Regulations
Impressum