Date: 22/01/15
EuroCloud Europe a.s.b.l.
Version 3.0 Rev10
EuroCloud Star Audit Certificate
No.
I - Control Topic
II - Control Scope
III - Control Question
Star Rating
Audit Goal
AI6-S01-C01-Q01
Reference Architecture
Analysis
of the used technology
Is the complete cloud stack documented, including all
technologies used?
****
Transparency about technical service layout and key services as func-
tional and technical overview
AI6-S02-C01-Q01
System Management
Self-Provisioning
Can the customer book and configure his system resources
by himself and is it fully documented?
****
Capability of self service and provisioning
AI6-S02-C01-Q02
Can the customer administrator supervise the state of the
system and is it fully documented?
****
Controlling and monitoring the service by the customer
AI6-S03-C01-Q01
Security
Access Hypervisor
Is there is a two-factor authentication for the provisioning
access?
***
Secure admin access
AI6-S03-C01-Q02
Can the connection be verified by a customer-supplied
direct connection?
*****
The network access to the admin interface can be limited to a customer
specific direct connection.
AI6-S03-C01-Q03
Are there user directives to ensure the security of virtual
machines?
***
Guidance to avoid vulnerability by customer managed systems
AI6-S03-C01-Q04
Are the operating systems automatically protected against
known vulnerabilities?
****
Avoid security risk due to deployment of outdated OS versions
AI6-S03-C01-Q05
Are virtualized operating systems provided in hardened
condition?
*****
All provided OS are hardened by default according to vendor specific
recommendations.
AI6-S04-C01-Q01
Licence Management
Operating System
Are there authorizations by the licensor of the operating
systems which are made available for deployment?
***
Show evidence that the provider is entitled to offer the Operating
Systems