[Owasp-leaders] Advice for security in the cloud

OWASP thomas.herzog at owasp.org
Thu Dec 7 05:57:33 UTC 2017


Germany’s BSI now provides the “Cloud Computing Compliance Controls Catalogue” 
(aka C5, also available in english) fo that purpose. Dropbox was certified by the BSI recently using this. This might 
help.
https://www.bsi.bund.de/EN/Topics/CloudComputing/Compliance_Controls_Catalogue/Compliance_Controls_Catalogue_node.html;jsessionid=D74602F5933B1CAFF349B0A6D1A068D7.2_cid360

Regards,
Thomas

Von meinem iPhone gesendet

> Am 07.12.2017 um 04:12 schrieb Aaron Guzman <aaron.guzman at owasp.org>:
> 
> I am not sure if OWASP does but this might be what you’re looking for - https://cloudsecurityalliance.org/download/consensus-assessments-initiative-questionnaire-v3-0-1/
> 
> Here is what providers responses should look like:
> AWS - https://d1.awsstatic.com/whitepapers/compliance/CSA_Consensus_Assessments_Initiative_Questionnaire.pdf
> Google - https://cloud.google.com/files/Google-Cloud-CSA-CAIQ-January2017-CSA-CAIQ-v3.0.1.pdf
> --
> Aaron Guzman
> OWASP Los Angeles Board Member
> Cloud Security Alliance LA/SoCal Board Member
> aaron.guzman at owasp.org
> Twitter: @scriptingxss
> Linkedin: http://lnkd.in/bds3MgN
> 
> 
>> On Dec 6, 2017, at 5:59 PM, Tanya Janca <tanya.janca at owasp.org> wrote:
>> 
>> Hello all,
>> 
>> *Imagine* I wanted to write security requirements for a cloud provider, do we have any advice on that?  I checked out the OWASP Secure Software Contract Annex (which is AWESOME, but the way), but there’s nothing on cloud there.  Anyone want to throw me some advice?  :)
>> 
>> Tanya
>> 
>> 
>> Tanya Janca
>> @SheHacksPurple
>> OWASP Ottawa Chapter Leader: https://www.meetup.com/OWASP-Ottawa/ 
>> OWASP DevSlop Project Leader: https://www.owasp.org/index.php/OWASP_DevSlop_Project
>> https://www.slideshare.net/TanyaJanca
>> 
>> <PastedGraphic-1.tiff>
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20171207/ba8dd579/attachment.html>


More information about the OWASP-Leaders mailing list