A guidance standard that adds cloud-specific information security controls on top of ISO/IEC 27002.
ISO/IEC 27017 provides guidance on information security for cloud services. It supplements the ISO/IEC 27002 controls with cloud-specific advice and adds controls that address the shared responsibility between cloud providers and their customers.
It helps both providers and users clarify who is responsible for which security measures, a common source of confusion in cloud environments.