Cloud Computing Compliance Controls Catalogue (C5): Table of Contents

The document appears to be a table of contents for a Cloud Computing Compliance Controls Catalogue. The table of contents lists various section numbers and titles related to risk-based controls, logging and monitoring, handling of vulnerabilities, identity and access management, and cryptography/key management. It provides high-level section overviews in an abbreviated format.

Uploaded by

SNFK2018
Copyright
© All Rights Reserved

Cloud Computing Compliance Controls Catalogue (C5) | Table of Content

• RB-16 Logging and monitoring – availability of the monitoring software
• RB-17 Handling of vulnerabilities, malfunctions and errors – concept
• RB-18 Handling of vulnerabilities, malfunctions and errors – penetration tests
• RB-19 Handling of vulnerabilities, malfunctions and errors – integration with change and incident management
• RB-20 Handling of vulnerabilities, malfunctions and errors – involvement of the cloud customer
• RB-21 Handling of vulnerabilities, malfunctions and errors – check of open vulnerabilities
• RB-22 Handling of vulnerabilities, malfunctions and errors – system hardening
• RB-23 Segregation of stored and processed data of the cloud customers in jointly used resources

5.7 Identity and access management

• IDM-01 Policy for system and data access authorisations
• IDM-02 User registration
• IDM-03 Granting and change (provisioning) of data access authorisations
• IDM-04 Withdrawal of authorisations (de-provisioning) in case of changes to the employment relationship
• IDM-05 Regular review of data access authorisations
• IDM-06 Administrator authorisations
• IDM-07 Non-disclosure of authentication information
• IDM-08 Secure login methods
• IDM-09 Handling of emergency users
• IDM-10 System-side access control
• IDM-11 Password requirements and validation parameters
• IDM-12 Restriction and control of administrative software
• IDM-13 Control of access to source code

5.8 Cryptography and key management

• KRY-01 Policy for the use of encryption procedures and key management
• KRY-02 Encryption of data for transmission (transport encryption)
