基礎設施即服務之應用 - page 2

Date: 20/03/15

EuroCloud Europe a.s.b.l.

Version 3.0 Rev 10

EuroCloud Star Audit Certificate

No.

項次

I - Control Topic

控制主題

II - Control Scope

控制範疇

III - Control Question

控制題項

Star Rating

Audit Goal

驗證目標

AI6-S01-C01-Q01

Reference Architecture

參考架構

Analysis

of the used technology

對所用科技之分析

Is the complete cloud stack documented with all used

technologies and documented?

完整雲端運算架構所使用之技術是否均有文件化的描

述？

****

Transparency about technical service layout and key services as

functional and technical overview

技術服務層級與關鍵服務功能和技術概述之透明度

AI6-S02-C01-Q01

System Management

系統管理

Self-Provisioning

自我提供

Can the customer book and configure his system resources

by himself and is it fully documented?

客戶能否自行預訂並配置其所需之系統資源？是否文件

化完整說明其操作步驟

****

Capability of self service and provisioning

提供自我服務之能力

AI6-S02-C01-Q02

Can the customer administrator supervise the state of the

system and is it fully documented?

客戶管理者能否監督其系統之狀態？是否文件化完整說

明其操作步驟

****

Controlling and monitoring the service by the customer

客戶控制及監控服務狀態

AI6-S03-C01-Q01

Security

安全

Access Hypervisor

存取虛擬層軟體系統

Is there is a two-factor authentication for the provisioning

access?

提供存取服務時，是否有雙因子身份認證機制？

***

Secure admin access

安全的存取管理

AI6-S03-C01-Q02

Can the connection be verified by a customer-supplied

direct connection?

能否經由客戶提供之直接連線方式進行服務連線核對？

*****

The network access to the admin interface can be limited to a

customer specific direct connection

對管理介面的網路存取可被限制在客戶特定的直接連線下

AI6-S03-C01-Q03

Are there user directives to ensure the security of virtual

machines?

是否有使用者指引以保證虛擬機之安全性？

***

Guidance to avoid vulnerability by customer managed systems

提供指引以避免由客戶管理之系統產生弱點

AI6-S03-C01-Q04

Are the operating systems automatically protected against

known vulnerabilities?

作業系統是否自動化地保護不受已知資安弱點危害？

****

Avoid security risk due to deployment of outdated OS versions

避免因安裝過時作業系統所可能造成的資安風險

AI6-S03-C01-Q05

Are virtualized operating systems provided in hardened

condition?

是否在強固的狀態下提供虛擬作業系統？

*****

All provided OS are hardened by default according to vendor specif-

ic recommendations

所有提供之作業系統都應該遵照供應商推薦的方式自動被強固

AI6-S04-C01-Q01

Licence Management

授權管理

Operating System

作業系統

Are there authorizations by the licensor of the operating

systems which are made available for deployment?

***

Show evidence that the provider is entitled to offer the Operating

Systems

SEO Version

Warning.

You are currently viewing the SEO version of !text.
It has a number of design and functionality limitations.

We recommend viewing the Flash version or the basic HTML version of this publication.

1 3