To understand their compliance alignments and gaps with a cloud provider, what must cloud customers rely on?
To understand their compliance alignments and gaps with a cloud provider, what must cloud customers rely on?
To understand their compliance alignments and gaps with a cloud provider, cloud customers must rely on third-party attestations. These attestations offer unbiased and validated reports on the provider's compliance status, giving customers a reliable source of information regarding compliance alignments and potential gaps.
Pg. 56 - The Security Guidance for Critical Areas of Focus in Cloud Computing v4.0 - Cloud customers, particularly in public cloud, must rely more on third-party attestations of the provider to understand their compliance alignment and gaps.
3rd Party Attestation would give unbiased view of compliance status.
P 55 4.1.1.1 How Cloud Changes Compliance As with security, compliance in the cloud is a shared responsibility model. Both the cloud provider and customer have responsibilities, but the customer is always ultimately responsible for their own compliance. These responsibilities are defined through contracts, audits/assessments, and specifics of the compliance requirements. P 56 Cloud customers, particularly in public cloud, must rely more on third-party attestations of the provider to understand their compliance alignment and gaps.
4.1.1.1 find the answers
Security Guidance, page 55: As with security, compliance in the cloud is a shared responsibility model. Both the cloud provider and customer have responsibilities, but the customer is always ultimately responsible for their own compliance. These responsibilities are defined through contracts, audits/assessments, and specifics of the compliance requirements.
Beside C is correct, the Answer A is also correct. See page 58 of Security Guidance about Artifacts. Answer A is about the Provider provided documentation which is also needed to understand the gaps.