CEN/TS 18026:2024
(Main)Three-level approach for a set of cybersecurity requirements for cloud services
Three-level approach for a set of cybersecurity requirements for cloud services
This Technical Specification (TS) provides a set of cybersecurity requirements for cloud services.
This TS is applicable to organizations providing cloud services and their subservice organizations
Mehrschichtiger Ansatz für einen Anforderungskatalog für Informations-/Cybersicherheitsmaßnahmen für Cloud Dienste
Tristopenjski pristop za nabor zahtev kibernetske varnosti za storitve v oblaku
General Information
Standards Content (Sample)
SLOVENSKI STANDARD
SIST-TS CEN/CLC/TS 18026:2024
01-julij-2024
Tristopenjski pristop za nabor zahtev kibernetske varnosti za storitve v oblaku
Three-level approach for a set of cybersecurity requirements for cloud services
Mehrschichtiger Ansatz für einen Anforderungskatalog für
Informations-/Cybersicherheitsmaßnahmen für Cloud Dienste
Ta slovenski standard je istoveten z: CEN/TS 18026:2024
ICS:
35.030 Informacijska varnost IT Security
35.210 Računalništvo v oblaku Cloud computing
SIST-TS CEN/CLC/TS 18026:2024 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST-TS CEN/CLC/TS 18026:2024
---------------------- Page: 2 ----------------------
SIST-TS CEN/CLC/TS 18026:2024
TECHNICAL SPECIFICATION CEN/TS 18026
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
April 2024
ICS 35.030; 35.210
English version
Three-level approach for a set of cybersecurity
requirements for cloud services
Mehrschichtiger Ansatz für einen Anforderungskatalog
für Informations-/Cybersicherheitsmaßnahmen für
Cloud Dienste
This Technical Specification (CEN/TS) was approved by CEN on 27 February 2024 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN and CENELEC will be
requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European
Standard.
CEN and CENELEC members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the
CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in
force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.
CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2024 CEN/CENELEC All rights of exploitation in any form and by any means
Ref. No. CEN/TS 18026:2024 E
reserved worldwide for CEN national Members and for
CENELEC Members.
---------------------- Page: 3 ----------------------
SIST-TS CEN/CLC/TS 18026:2024
CEN/CLC/TS 18026:2024 (E)
Contents Page
European foreword . 3
Introduction . 4
1 Scope . 8
2 Normative references . 8
3 Terms and definitions . 8
4 Organisation of Information Security . 35
5. Information Security Policies . 39
6. Risk management . 45
7. Human Resources . 49
8. Asset Management . 57
9. Physical Security . 63
10. Operational Security ……………………………………………………………………… ………………………….93
11. Identity, Authentication and Access Control Management . 94
12. Cryptography and Key Management .113
13. Communication Security .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.