>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

PSS-03Online Register of Known Vulnerabilities

>Control Description

The Cloud Service Provider operates or refers to a daily updated online register of known vulnerabilities that affect the Cloud Service Provider and assets provided by the Cloud Service Provider that the cloud customers have to install, provide or operate themselves under the customers responsibility. The presentation of the vulnerabilities follows the Common Vulnerability Scoring System (CVSS). The online register is easily accessible to any cloud customer. The information contained therein forms a suitable basis for risk assessment and possible follow-up measures on the part of cloud users. For each vulnerability, it is indicated whether software updates (e.g. patch, update) are available, when they will be rolled out and whether they will be deployed by the Cloud Service Provider, the cloud customer or both of them together. Additional criteria: Assets provided by the Cloud Service Provider, which must be installed, provided or operated by cloud users within their area of responsibility, are equipped with automatic update mechanisms. After approval by the respective cloud user, software updates can be rolled out in such a way that they can be distributed to all affected users without human interaction.

Ask AI

Configure your API key to use AI features.