+SOV-4-05-C

1. Overview

SOV-4-05-C

All software updates and operational data affecting the cloud service MUST be received, authorized and validated in a secured network area managed and controlled by the cloud service provider. The cloud service provider MUST verify and check updates for known vulnerabilities. Updates MUST include documentation satisfying the needs of the cloud service provider. The update process MUST be based on a controlled change management processes.

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

BSI C3A - Criteria enabling Cloud Computing Autonomy -
Copyright by Bundesamt für Sicherheit in der Informationstechnik

C3A - Criteria enabling Cloud Computing Autonomy

Published under Creative-Commons-License CC-BY-ND 4.0 International.