Most recent
ANSI X9.125-2024
Cloud Management and Security
This standard specifies the minimum management and security requirements for the effective use of cloud computing in a financial services environment. Areas within the scope of this standard include, but are not limited to, the following: • Cloud adoption lifecycle, from Step 1: Assembling Your Team through Step 10: Managing the Cloud Environment, • Cryptography and key management considerations throughout the entire key lifecycle from key generation to key archival, • Cybersecurity lifecycle, from Stage 0: Monitoring through Stage 4: Data Breach Notification, • Authentication and authorization of users and services, • Auditability and logging, • Security monitoring and incident response, • Compliance information and notification, • Security considerations that should be part of cloud service contractual agreements, • Data and privacy protection. Areas not within the scope of this standard include, but are not limited to, the following: • Data classification schemes, • Application risk assessment methodologies, • Evaluation of the total cost of ownership and total cost of service usage.
Accredited Standards Committee, Inc. - Financial Industry Standards [ascx9]