
Cloud Computing Compliance Controls Catalogue (C5) | Structure and contents of C5

2 Structure and contents of C5

2.1 Structure of C5

Cloud services in terms of C5 are IT services which are made available to the customer by a service company (cloud provider, provider or service provider) over a network. Cloud services are offered, used and billed elastically and adapted to the requirements by defined technical interfaces and protocols. The range of the services offered within the cloud computing framework covers the entire spectrum of information technology and, among other things, includes infrastructure (e.g. computing power, storage), platforms and software.

C5 itself is subdivided into 17 sections (see section 2.2).

An objective is assigned to each section (see section 2.2). The objective gives the cloud provider a summarised target which they have to fulfil in the related section through corresponding organisational and operational measures and (procedural) organisation.

Individual requirements are assigned to each objective (see section 5). The requirements specify general principles, procedures and measures for fulfilling the objective. In this respect, a distinction is made between basic requirements and additional, optional requirements. The basic requirements are essential; the cloud provider has to meet them, at a minimum, as part of an audit according to this catalogue.

In addition to some basic requirements, additional, optional requirements are defined. They are classified as to whether especially confidentiality (C), availability (A) or both properties at the same time (C/A) are addressed with respect to the data processed in the cloud service. It turned out that there are no effective higher-level requirements for integrity (I) in addition to the basic requirements, which is why this category is missing here. The additional requirements are a starting point for requirements which the cloud customers could specify based on their individual use case.

The cloud provider is responsible for the design, description, implementation and effective operation of organisational and operational measures (controls) with which the requirements are implemented at the cloud provider. The entirety of the required measures is part of their internal control system concerning the cloud services. The design of this internal control system depends on the type of cloud service provided, the requirements of the cloud customers and the company goals of the cloud provider as well as on the associated specific risks.

A special feature of C5 is the so-called surrounding parameters for transparency, which precede the requirements. Surrounding parameters for transparency address the transparency with respect to the general conditions according to which the cloud service is provided (e.g. the place of jurisdiction). By means of the information resulting from auditing these surrounding parameters for transparency, the customer can decide on the general suitability of the cloud service according to their internal targets.
