Content
- The security event logs collected by the cloud provider cover at least: privileged and non-privileged user access activity, authorized and unauthorized access attempts, credential management operations, system exceptions, retained information security events, and traffic related to virtual machine migration (VM motion).
- The cloud provider operates an automated security information and event management (SIEM) tool to identify anomalies, continuously monitor for and detect attacks and attack attempts, and flag unauthorized connections.
- The cloud provider supports delegated authentication for its cloud management system.
- The cloud provider limits the number of concurrent login sessions permitted for each user ID.
- The security event logs collected by the external supplier's software cover at least: privileged and non-privileged user access activity, authorized and unauthorized access attempts, credential management operations, system exceptions, and retained information security events.
- The application shall use cryptographic protection mechanisms (e.g. a hash of each record signed with an asymmetric key) to protect the integrity of audit records, so that a modified, deleted or reordered record is detectable.
- The application shall log authenticated activities (whether successful or not) so that evidence of attack attempts and possible abuse is available.
- The application shall be characterized by a detailed data-level analysis (e.g. a CRUD matrix).
- The application shall be analyzed with an automated static code analysis tool to identify bugs and vulnerabilities (e.g. through data flow analysis, control flow graphs, etc.).
- The application components shall be cryptographically signed so that the integrity and authenticity of modules and releases can be verified before they are loaded or installed.
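As an added example that is not part of the original requirement list and does not describe any particular product, the Go program below shows one way to meet the two signing requirements above: an audit log whose records are hash-chained and signed with Ed25519 (integrity of audit records), and a signed release artifact with the check a loader would run before trusting it (signed components). The type names, the length-prefixed record encoding, the zero-value head for an empty log and the sample actors and actions are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// AuditRecord is one audit-log entry. PrevHash chains it to the preceding
// record, so a deleted, inserted or reordered entry breaks the chain; Sig is an
// Ed25519 signature over the record digest, so a rewritten entry cannot be
// re-chained without the signing key.
type AuditRecord struct {
	Seq      uint64
	Actor    string
	Action   string
	Outcome  string
	PrevHash [32]byte
	Sig      []byte
}

// recordDigest hashes every field except Sig. Fields are length-prefixed so
// that "a"+"bc" and "ab"+"c" cannot produce the same digest.
func recordDigest(r AuditRecord) [32]byte {
	h := sha256.New()
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], r.Seq)
	h.Write(buf[:])
	for _, f := range []string{r.Actor, r.Action, r.Outcome} {
		binary.BigEndian.PutUint32(buf[:4], uint32(len(f)))
		h.Write(buf[:4])
		h.Write([]byte(f))
	}
	h.Write(r.PrevHash[:])
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// AuditLog is an append-only, hash-chained, signed log (assumed design).
type AuditLog struct {
	priv    ed25519.PrivateKey
	records []AuditRecord
}

func NewAuditLog(priv ed25519.PrivateKey) *AuditLog { return &AuditLog{priv: priv} }

// Append records an action, chains it to the previous record and signs it.
func (l *AuditLog) Append(actor, action, outcome string) AuditRecord {
	r := AuditRecord{Seq: uint64(len(l.records)), Actor: actor, Action: action, Outcome: outcome}
	r.PrevHash = l.Head()
	d := recordDigest(r)
	r.Sig = ed25519.Sign(l.priv, d[:])
	l.records = append(l.records, r)
	return r
}

// Head is the digest of the latest record (all zeros for an empty log). It must
// be published out of band: dropping the last records leaves the chain valid,
// and only a mismatch against the published head reveals the truncation.
func (l *AuditLog) Head() [32]byte {
	var h [32]byte
	if n := len(l.records); n > 0 {
		h = recordDigest(l.records[n-1])
	}
	return h
}

// Records returns a copy of the log for export or verification.
func (l *AuditLog) Records() []AuditRecord { return append([]AuditRecord(nil), l.records...) }

// VerifyAuditLog checks sequence numbers, the hash chain and every signature and
// returns the head digest so the caller can compare it with the published one.
func VerifyAuditLog(pub ed25519.PublicKey, records []AuditRecord) ([32]byte, error) {
	var prev [32]byte
	for i, r := range records {
		if r.Seq != uint64(i) {
			return prev, fmt.Errorf("record %d: unexpected sequence number %d", i, r.Seq)
		}
		if r.PrevHash != prev {
			return prev, fmt.Errorf("record %d: hash chain broken", i)
		}
		d := recordDigest(r)
		if !ed25519.Verify(pub, d[:], r.Sig) {
			return prev, fmt.Errorf("record %d: invalid signature", i)
		}
		prev = d
	}
	return prev, nil
}

// SignRelease signs the SHA-256 of a module or release artifact; VerifyRelease is
// the check a loader or installer runs before trusting it. Ed25519 hashes its
// input itself, but pre-hashing lets a large artifact be digested in a stream.
func SignRelease(priv ed25519.PrivateKey, artifact []byte) []byte {
	d := sha256.Sum256(artifact)
	return ed25519.Sign(priv, d[:])
}

func VerifyRelease(pub ed25519.PublicKey, artifact, sig []byte) bool {
	d := sha256.Sum256(artifact)
	return ed25519.Verify(pub, d[:], sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	al := NewAuditLog(priv)
	// Constructed sample activity for the demonstration, not real data.
	al.Append("alice", "login", "success")
	al.Append("alice", "read:/customers/42", "success")
	al.Append("mallory", "login", "failure")
	recs := al.Records()
	_, err := VerifyAuditLog(pub, recs)
	fmt.Println("untouched log:", err)
	recs[2].Outcome = "success" // an attacker rewrites the failed login
	_, err = VerifyAuditLog(pub, recs)
	fmt.Println("tampered log:", err)
	art := []byte("module v1.2.3 bytes")
	fmt.Println("release verifies:", VerifyRelease(pub, art, SignRelease(priv, art)))
}
```

In a deployment the signing key would live in an HSM or KMS rather than in the process, and the verifier (a SIEM ingest job or a compliance check) would hold only the public key plus the most recently published head digest.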