1. Overview

SOV-3-05-C

The cloud service provider MUST enable client-side encryption of cloud service customer data. Whenever the cloud service customer data is transmitted, processed or stored inside the cloud environment, it MUST be encrypted with a private key that is only available to the cloud service customer outside of the cloud service provider environment.

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

3. Related Regulations

• BSI C3A - Criteria enabling Cloud Computing Autonomy -

  Copyright by Bundesamt für Sicherheit in der Informationstechnik

  C3A - Criteria enabling Cloud Computing Autonomy

  Published under Creative-Commons-License CC-BY-ND 4.0 International.