12_Cloud-Marketplace-Config.md

Configuration of Cloud Marketplaces

(Back)

Objective

Restrict Third-Party CSP Marketplace software to GC-approved products.

Applicable Service Models

IaaS, PaaS, SaaS

Mandatory Requirements

Activity	Validation
Only GC approved cloud marketplace products are to be consumed. Turning on the commercial marketplace is prohibited.	Confirm that third-party marketplace restrictions have been implemented.

Additional Considerations

Activity	Validation
Submit requests to add third-party products to marketplace to SSC’s Cloud Broker.	Not applicable.
Ensure that software offered through the cloud service provider or the cloud service provider marketplace undergo a software assurance process to ensure that only approved products are used.	Not applicable.

References

• Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN) 2017-01, subsection 6.2.5

Related security controls from ITSG-33

CM‑5, CM‑8, SA‑12