Configuration of Cloud Marketplaces
(Back)
Objective
Restrict Third-Party CSP Marketplace software to GC-approved products.
Applicable Service Models
IaaS, PaaS, SaaS
Mandatory Requirements
| Activity | Validation |
|---|---|
| <ul><li>Only GC approved cloud marketplace products are to be consumed. Turning on the commercial marketplace is prohibited.</li></ul> | <ul><li>Confirm that third-party marketplace restrictions have been implemented.</li></ul> |
Additional Considerations
| Activity | Validation |
|---|---|
| <ul><li>Submit requests to add third-party products to marketplace to SSC’s Cloud Broker.</li></ul> | <ul><li>Not applicable.</li></ul> |
| <ul><li>Ensure that software offered through the cloud service provider or the cloud service provider marketplace undergo a software assurance process to ensure that only approved products are used.</li></ul> | <ul><li>Not applicable.</li></ul> |
References
- Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN) 2017-01, subsection 6.2.5
Related security controls from ITSG-33
CM‑5, CM‑8, SA‑12
Page details
- Date modified: