Date: 20/03/15
EuroCloud Europe a.s.b.l.
Version 3.0 Rev 10
EuroCloud Star Audit Certificate
No.
項次
I - Control Topic
控制主題
II - Control Scope
控制範疇
III - Control Question
控制題項
Star Rating
Audit Goal
驗證目標
AI6-S01-C01-Q01
Reference Architecture
參考架構
Analysis
of the used technology
對所用科技之分析
Is the complete cloud stack documented with all used
technologies and documented?
完整雲端運算架構所使用之技術是否均有文件化的描
述?
****
Transparency about technical service layout and key services as
functional and technical overview
技術服務層級與關鍵服務功能和技術概述之透明度
AI6-S02-C01-Q01
System Management
系統管理
Self-Provisioning
自我提供
Can the customer book and configure his system resources
by himself and is it fully documented?
客戶能否自行預訂並配置其所需之系統資源?是否文件
化完整說明其操作步驟
?
****
Capability of self service and provisioning
提供自我服務之能力
AI6-S02-C01-Q02
Can the customer administrator supervise the state of the
system and is it fully documented?
客戶管理者能否監督其系統之狀態?是否文件化完整說
明其操作步驟
?
****
Controlling and monitoring the service by the customer
客戶控制及監控服務狀態
AI6-S03-C01-Q01
Security
安全
Access Hypervisor
存取虛擬層軟體系統
Is there is a two-factor authentication for the provisioning
access?
提供存取服務時,是否有雙因子身份認證機制?
***
Secure admin access
安全的存取管理
AI6-S03-C01-Q02
Can the connection be verified by a customer-supplied
direct connection?
能否經由客戶提供之直接連線方式進行服務連線核對?
*****
The network access to the admin interface can be limited to a
customer specific direct connection
對管理介面的網路存取可被限制在客戶特定的直接連線下
AI6-S03-C01-Q03
Are there user directives to ensure the security of virtual
machines?
是否有使用者指引以保證虛擬機之安全性?
***
Guidance to avoid vulnerability by customer managed systems
提供指引以避免由客戶管理之系統產生弱點
AI6-S03-C01-Q04
Are the operating systems automatically protected against
known vulnerabilities?
作業系統是否自動化地保護不受已知資安弱點危害?
****
Avoid security risk due to deployment of outdated OS versions
避免因安裝過時作業系統所可能造成的資安風險
AI6-S03-C01-Q05
Are virtualized operating systems provided in hardened
condition?
是否在強固的狀態下提供虛擬作業系統?
*****
All provided OS are hardened by default according to vendor specif-
ic recommendations
所有提供之作業系統都應該遵照供應商推薦的方式自動被強固
AI6-S04-C01-Q01
Licence Management
授權管理
Operating System
作業系統
Are there authorizations by the licensor of the operating
systems which are made available for deployment?
***
Show evidence that the provider is entitled to offer the Operating
Systems