Cloud OS Security Specification
Authored by the CSA’s Cloud Component Specifications Working Group, the paper addresses the importance of specifying the technical security requirements of cloud OS. [Information security management systems (ISMS) are outside of the scope for this specification.] Currently, whereas the majority of standards related to cloud computing focus on ISMS, there is a lack of internationally recognized technical security specifications for cloud OS. This document builds on the foundation provided by ISO/IEC 17788, ISO/IEC 19941, ISO/IEC 27000, NIST SP 500-299, and NIST SP 800-144 in the context of cloud computing security. Security properties and functionalities presented by cloud service providers such as AWS, Google Cloud, Huawei and Microsoft Azure are referenced in this document.