Requirement:
The cybersecurity requirements related to the use of hosting and cloud computing services must be implemented.
Control Implementation Guidelines:
- Implement cybersecurity requirements for cloud computing and hosting services for the organization, including, but not limited to:
- Ensure that the location of hosting and storing the organization's information is within the Kingdom.
- Ensure the activation of event logs on hosted information assets.
- Ensure that cloud computing and hosting service providers must return data (in a usable format) and remove it in a non-recoverable manner upon termination/expiry of the service.
- Ensure that the organization's environment (including virtual servers, networks and databases) is separated from other entities' environments in cloud computing services.
- Ensure that data and information transmitted to, stored in, or transmitted from cloud services are encrypted in accordance with the relevant laws and regulations of the organization.
- Ensure that the cloud computing and hosting service provider must periodically backup and protect backups in accordance with the organization's backup policy.
- The organization may also develop an action plan to implement cybersecurity requirements related to cloud computing and hosting service, in order to ensure that the organization complies with all cybersecurity requirements for all internal and external stakeholders and follow up and monitor them periodically to ensure implementation.
- Ensure continuous compliance with cloud computing cybersecurity controls for (CCC).
Expected Deliverables:
- An action plan to implement the cybersecurity requirements for cloud computing and hosting services.
- A signed sample of the agreement or contract between the organization and the cloud service provider.
- Evidence by the cloud computing service provider of the implementation of the cybersecurity requirements of cloud computing and hosting services.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
CMMC Level 1 Compliance
Become compliant, provide compliance services, or verify partner compliance with CMMC Level 1 Basic Safeguarding of Covered Contractor Information Systems requirements.
NIST SP 800-171 & CMMC Level 2 Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC Level 2 requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.