HUAWEI CLOUD has inherited the complete Huawei management system as well as the IT system building and operation experience. Integration and O&M of cloud services are proactively managed and continuously optimized.
HUAWEI CLOUD is responsible for the security of underlying infrastructures, and users are responsible for the security of applications and purchased OSs deployed in clouds. HUAWEI CLOUD can assist users with required compliance certification.
HUAWEI CLOUD services and platforms have received the following certifications:
CSA STAR Gold Certification
The first authoritative certification of cloud security worldwide, CSA STAR certification is based on the Cloud Controls Matrix (CCM) and is a hardened version of the ISO/IEC 27001 information security management system. CSA STAR certification was developed by the Cloud Security Alliance (CSA) and the British Standards Institution (BSI), an authoritative standard development and preparation body as well as certification service provider worldwide. This certification aims to increase trust and transparency in the cloud computing industry and help cloud computing service providers show their service maturity.
HUAWEI CLOUD has received the CSA STAR Gold Certification, indicating the platform's leadership in information security management and cloud security maturity, as well as compliance with the highest international standards of security and availability.
For details, see https://cloudsecurityalliance.org/star/.
ISO 27001 is a widely used international standard that specifies requirements for information security management systems. Based on periodic risk evaluation, this standard provides a method for assessing systems that manage company and customer information.
This certification shows that the technology and management systems of HUAWEI CLOUD meet the most authoritative global information security standards.
For details, see https://www.iso.org/.
CSA C-STAR Certification
Authorized by the Cloud Security Alliance (CSA), CSA Security Trust and Assurance Registry (C STAR) is a cloud service security certification developed by China CEPREI Laboratory, an independent third-party auditing institute. In addition to the Cloud Controls Matrix (CCM) from CSA, CEPREI has added requirements for classified protection and a personal information protection guide. CSA STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, helping users assess the security of cloud providers they use or are considering.
This certification shows that HUAWEI CLOUD security meets the most advanced standards and requirements in the world.
For details, see https://cloudsecurityalliance.org/star/.
Classified Cybersecurity Protection of China's Ministry of Public Security
Classified Cybersecurity Protection issued by China's Ministry of Public Security is used to guide organizations in China through cybersecurity building. Currently, it has become the general security standards widely followed by various industries in China.
HUAWEI CLOUD has passed the registration and assessment of Classified Cybersecurity Protection Class 3. This proves that the technology and management system of HUAWEI CLOUD meets the most authoritative and national government security requirements.
Key regions and nodes of HUAWEI CLOUD have passed the registration and assessment of Classified Cybersecurity Protection Class 4, meeting finance, government, and large enterprises' requirements for high reliability and security of cloud services.
Cloud Service Security Certification - Cyberspace Administration of China (CAC)
The CAC Cloud Service Security Certification is based on a government agency-oriented standard for the security management of cloud services. This certification shows that the enterprise cloud services Huawei offers to government customers comply with the most comprehensive and rigorous security standard for cloud services in China.
Trusted Cloud Service (TRUCS) is the first certification in China for cloud service products. Under the guidance of the Department of Communications Development at China's Ministry of Industry and Information Technology (MIIT), the Cloud Computing Promotion and Policy Forum established TRUCS as a trusted cloud service workgroup. The core objective of TRUCS is to provide a system for evaluating cloud vendors, enabling users to select secure and trusted cloud vendors.
TRUCS systematically assesses a cloud vendor's implementation of 16 metrics in 3 categories, covering 90% of the information that the vendor must commit to or inform users of (based on the SLA).
This certification shows that HUAWEI CLOUD complies with the most detailed certification standard for cloud service data and service assurance in China.
The Gold O&M certification is designed to assess the O&M capability of cloud service providers who have passed trusted cloud certification. Gold O&M assesses the process management, adequacy of management system functions, and automatic management of O&M systems. Covering more than 200 items, Gold O&M comprehensively assesses the overall O&M management capability of cloud service providers. HUAWEI CLOUD passed the Gold O&M assessment with excellent results.
This certification shows that HUAWEI CLOUD services have a sound O&M management system that meets the cloud service O&M assurance requirements specified in Chinese certification standards. This also shows that HUAWEI CLOUD services are efficient, stable, and secure.
International Common Criteria EAL 3+ Certification
The Common Criteria for Information Technology Security Evaluation (CC) is based on an international standard for computer security. The CC specifies a group of requirements for security functions and security assurance. These requirements are evaluated based on a benchmark called Evaluation Assurance Level (EAL). HUAWEI CLOUD FusionSphere has passed CC EAL 3+.
PCI DSS Certification
Payment Card Industry Data Security Standard "PCI DSS" is the global card industry security standard, which is established by five major international payment brands, JCB, American Express, Discover, MasterCard and Visa, to enhance card member data and transaction data security. PCI DSS standard, which is the most authoritative and strictest financial institution certification in the world, stipulates nearly 300 items included in 6 areas and 12 requirements to be complied with, and the evaluation process is very strict and complex.
All places and components included in or connected to cardholder data environment fall within the scope of certification. Huawei Cloud is the first CSP in domestic whose all NODES and SERVICES in marketplace are certificated. The Certification has verified that All Huawei Cloud nodes can provide customers with financial-grade data security protection, not just specific nodes or services.
For details of the standard, see https://www.pcisecuritystandards.org/.