Most recent

ANSI X9.125-2024

Cloud Management and Security


This standard specifies the minimum management and security requirements for the effective use of cloud computing in a financial services environment. Areas within the scope of this standard include, but are not limited to, the following: • Cloud adoption lifecycle, from Step 1: Assembling Your Team through Step 10: Managing the Cloud Environment, • Cryptography and key management considerations throughout the entire key lifecycle from key generation to key archival, • Cybersecurity lifecycle, from Stage 0: Monitoring through Stage 4: Data Breach Notification, • Authentication and authorization of users and services, • Auditability and logging, • Security monitoring and incident response, • Compliance information and notification, • Security considerations that should be part of cloud service contractual agreements, • Data and privacy protection. Areas not within the scope of this standard include, but are not limited to, the following: • Data classification schemes, • Application risk assessment methodologies, • Evaluation of the total cost of ownership and total cost of service usage.


CONTENT PROVIDER
Accredited Standards Committee, Inc. - Financial Industry Standards [ascx9]

Document History
We have no document history for this standard.
Included in Packages
This standard is not included in any packages.
Amendments & Corrections
We have no amendments or corrections for this standard.