
Protect clients' hosted environments.


CONTROL ID
11862
CONTROL TYPE
Physical and Environmental Protection
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Manage cloud services., CC ID: 13144

This Control has the following implementation support Control(s):
  • Notify cloud customers of the geographic locations of the cloud service organization and its assets., CC ID: 13037


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • As cloud computing service providers may adopt multi-tenancy and data commingling architectures in order to process data for multiple customers, the FI should pay attention to these service providers’ abilities to isolate and clearly identify its customer data and other information system assets f… (§ 5.2.3, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • Where a high availability requirement exists for website hosting, CDNs that cache websites are used. (Security Control: 1438; Revision: 1, Australian Government Information Security Manual, March 2021)
  • Where a high availability requirement exists for website hosting, CDNs that cache websites are used. (Control: ISM-1438; Revision: 2, Australian Government Information Security Manual, June 2023)
  • Where a high availability requirement exists for website hosting, CDNs that cache websites are used. (Control: ISM-1438; Revision: 2, Australian Government Information Security Manual, September 2023)
  • Principles, procedures and safeguards for rendering (development and/or operation) the cloud service, including the controls established (Section 4 UP-01 Basic requirement ¶ 1 Bullet 2, Cloud Computing Compliance Controls Catalogue (C5))
  • How is access to client data restricted to only that client’s users and applications? (Appendix D, Protect Cardholder Data Bullet 4, Information Supplement: PCI DSS Cloud Computing Guidelines, Version 2.0)
  • Shared hosting providers must protect each entity’s hosted environment and cardholder data. (2.6, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.1 April 2015)
  • Shared hosting providers must protect each entity’s hosted environment and cardholder data. These providers must meet specific requirements as detailed in Appendix A1: Additional PCI DSS Requirements for Shared Hosting Providers. (2.6, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
  • Protect each entity’s (that is, merchant, service provider, or other entity) hosted environment and data, per A1.1 through A1.4: A hosting provider must fulfill these requirements as well as all other relevant sections of the PCI DSS. (A1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
  • Shared hosting providers must protect each entity’s hosted environment and cardholder data. These providers must meet specific requirements as detailed in Appendix A1: Additional PCI DSS Requirements for Shared Hosting Providers. (2.6, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2)
  • Protect each entity’s (that is, merchant, service provider, or other entity) hosted environment and data, per A1.1 through A1.4: A hosting provider must fulfill these requirements as well as all other relevant sections of the PCI DSS. (A1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2)
  • If you are a shared hosting provider, are your systems configured to protect each entity’s (your customers’) hosted environment and cardholder data? (2.6, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • If you are a shared hosting provider, are your systems configured to protect each entity’s (your customers’) hosted environment and cardholder data? (2.6, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
  • Is each entity’s (that is, a merchant, service provider, or other entity) hosted environment and data protected, per A1.1 through A1.4 as follows: (A1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
  • Specifically for a PCI DSS assessment of a shared hosting provider, to verify that shared hosting providers protect entities’ (merchants and service providers) hosted environment and data, select a sample of servers (Microsoft Windows and Unix/Linux) across a representative sample of hosted mercha… (A1, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
  • Perform testing procedures A1.1 through A1.4 detailed in Appendix A1: Additional PCI DSS Requirements for Shared Hosting Providers for PCI DSS assessments of shared hosting providers, to verify that shared hosting providers protect their entities' (merchants and service providers) hosted environment… (2.6, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
  • The cloud service provider should enforce segregation of network access for the following cases: – segregation between tenants in a multi-tenant environment; – segregation between the cloud service provider's internal administration environment and the cloud service customer's cloud computing en… (§ 13.1.3 Table: Cloud service provider, ISO/IEC 27017:2015, Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services, First edition 2015-12-15)
  • The public cloud PII processor should ensure that whenever data storage space is assigned to a cloud service customer, any data previously residing on that storage space is not visible to that cloud service customer. (§ A.10.13 ¶ 2, ISO/IEC 27018:2014, Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors)
  • The public cloud PII processor should ensure that whenever data storage space is assigned to a cloud service customer, any data previously residing on that storage space is not visible to that cloud service customer. (§ A.11.13 ¶ 2, ISO/IEC 27018:2019, Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors, Second edition)