1. Overview

SOV-6-02-AC

In the event of disruption or loss of an external software vendor, the cloud service provider MUST maintain the capability to remediate software vulnerabilities and implement necessary changes. The cloud provider MUST maintain specialized engineering talent and local build-environments necessary to compile, test, and deploy emergency security patches to the cloud services independently of third parties.

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

3. Related Regulations

• BSI C3A - Criteria enabling Cloud Computing Autonomy -

  Copyright by Bundesamt für Sicherheit in der Informationstechnik

  C3A - Criteria enabling Cloud Computing Autonomy

  Published under Creative-Commons-License CC-BY-ND 4.0 International.