Guest
ISO 27001 query
I have a question. For an organization that having servers on premise and on cloud, to comply with 12.4.4 Clock synchronization: All systems should be configured with the same time and date. Which servers in the cloud that should have the same time as the servers on premise:
SaaS
DaaS
IaaS
or
none of the cloud should sync?
Assign topic to the user
Expert
Rhand Leal
Jan 13, 2022
I’m assuming that by DaaS you mean Device as a Service.
Normally, control A.12.4.4 applies only to on-premise servers because these are the servers you fully control. If your risk assessment or requirements ask that both on-premise and cloud servers need to be synchronized, then regardless of the environment or cloud model, to be compliant with control 12.4.4 all servers in the same security domain (i.e., under the influence of the same controls) need to be synchronized to a single reference time source.
Comment as guest or Sign in
Jan 13, 2022
Jan 13, 2022
Jan 13, 2022