German Federal Office for Information Security Issues Draft Framework Paper on Information Security for Cloud Computing

Posted on October 11, 2010 by Hunton & Williams LLP

On September 28, 2010, the German Federal Office for Information Security, (the Bundesamt für Sicherheit in der Informationstechnik or “BSI”) released a draft framework paper on information security issues related to cloud computing.  The draft paper defines minimum security requirements for cloud solution service providers, and provides a basis for discussions between service providers and users.  The paper addresses the following issues:

  • The definition of cloud computing
  • Service provider security management requirements
  • ID and rights management
  • Monitoring and security incident response
  • Emergency management
  • Security checks and verification
  • Requirements for personnel
  • Transparency
  • Organizational requirements
  • User control
  • Portability of data and applications
  • Interoperability
  • Data protection and compliance
  • Cloud certification
  • Additional requirements for public cloud service providers that support cloud solutions for the Federal Administration

The BSI’s goal is to work with stakeholders to develop appropriate security requirements that should be considered with respect to the provision of cloud services.  Service providers and users have until January 3, 2011, to review the paper and provide comments.

For further information on the draft paper, please contact Dr. Jörg Hladjk in the Brussels office of Hunton & Williams.

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>