Page 1064 - Cloud computing: From paradigm to operation
P. 1064

7                                                     Security


            8.3.1   Management of removable media

            Control 8.3.1 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.
            8.3.2   Disposal of media

            Control 8.3.2 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.

            8.3.3   Physical media transfer
            Control 8.3.3 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.


            9       Access control

            9.1     Business requirements of access control

            The objective specified in clause 9.1 of ISO/IEC 27002 applies.
            9.1.1   Access control policy

            Control 9.1.1 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.

            9.1.2   Access to networks and network services
            Control 9.1.2 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply. The following sector-specific guidance also applies.

            Implementation guidance for cloud services

                          Cloud service customer                          Cloud service provider
             The cloud service customer's access control policy for   (no additional implementation guidance)
             the use of network services should specify requirements
             for user access to each separate cloud service that is
             used.

            9.2     User access management

            The objective specified in clause 9.2 of ISO/IEC 27002 applies.
            9.2.1   User registration and deregistration

            Control 9.2.1 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply. The following sector-specific guidance also applies.

            Implementation guidance for cloud services

                          Cloud service customer                          Cloud service provider

             (no additional implementation guidance)          To manage access to cloud services by a cloud service
                                                              customer's cloud service users, the cloud service
                                                              provider should provide user registration and
                                                              deregistration functions, and specifications for the use
                                                              of these functions to the cloud service customer.
            9.2.2   User access provisioning

            Control 9.2.2 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply. The following sector-specific guidance also applies.



            1056
   1059   1060   1061   1062   1063   1064   1065   1066   1067   1068   1069