Cloud Management and Security Standard for Financial Services (C12d)
Financial services emphasize regulatory compliance, making the migration of workloads from on-premises to the cloud challenging due to the need to meet regulatory requirements. The ANSI standard X9.125, Cloud Management and Security, serves as a tool to assist Financial Cloud Service Customers (CSCs) in managing a structured cloud lifecycle. This standard specifies the minimum management and security requirements for effective cloud computing in a financial services environment. Its scope includes the cloud adoption lifecycle, cryptography and key management, the cybersecurity lifecycle, authentication and authorization, auditability and logging, security monitoring and incident response, compliance information and notification, security considerations, and data and privacy protection. This talk provides an overview of the standard, delves into cryptography and key management, presents a case study, and engages in discussions on various aspects with the audience.