1 Scope
2 References
3 Definitions
3.1 Terms defined elsewhere
3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Overview
7 Requirements of the security clause of the service level agreement
7.1 Security responsibility between CSPs and CSCs
7.2 Requirements of the security clause of SLA
8 Guidelines of daily operational security
8.1 Identity management and access control
8.2 Data encryption and key management
8.3 System security monitoring
8.4 Disaster recovery
8.5 Security configuration management
8.6 Security event processing
8.7 Patch upgrade
8.8 Securing configuration management
8.9 Emergency response plans
8.10 Backup
8.11 Internal security audit
Bibliography