|
Work item:
|
X.1607 (ex X.asm-cc)
|
|
Subject/title:
|
Requirements of attack surface management for cloud computing
|
|
Status:
|
Determined on 2025-12-11 [Issued from previous study period]
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2025-12 (Medium priority)
|
|
Liaison:
|
ITU-T SG13
|
|
Supporting members:
|
China Telecom, China, China Unicom
|
|
Summary:
|
This draft Recommendation outlines comprehensive requirements for attack surface management (ASM) in cloud computing environments. The key components of ASM include thorough cyber asset discovery, attack surface identification, in-depth analysis, and continuous monitoring. These processes are crucial for maintaining a robust security posture in cloud environments.
To effectively manage attack surfaces, ASM shall seamlessly integrate threat intelligence and collaborate with third-party tools. Additionally, it should provide detailed visualizations and mappings of assets, data flows, and network traffic. This enables organizations to identify and mitigate potential vulnerabilities proactively. By continuously evaluating, securely configuring, and protecting attack surfaces in both multi-cloud and hybrid environments, ASM ensures that evolving cyber threats are effectively countered. Furthermore, it facilitates the prioritization and remediation of risks, allowing organizations to maintain a secure and agile cloud infrastructure.
Keywords
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2023-03-06 14:01:45
|
|
Last update:
2025-12-15 16:12:05
|
