1. Reasons for Amendment

The cloud security assurance grading system was introduced to strengthen the competitiveness of the cloud industry and innovate public services by promoting public sector use of private clouds. The low grade is currently in effect while the high and intermediate grades will be enforced after preparing security assurance standards for the grades through empirical testing and verification.

In this regard, this Amendment prescribes security assurance standards for the high and intermediate grades and amends this Notice including relevant standards to enforce the cloud security assurance grading system in full.

2. Major Provisions

A. Prescribe security assurance grading standards (latter part of Article 14 (2) newly inserted)

- Newly insert standards to determine the security assurance grades of services subject to security assurance (SaaS, PaaS, DaaS, and other cloud computing services) pursuant to subparagraphs 2 through 4 of Article 14 (1)

B. Amend safeguards in accordance with the establishment of security assurance standards for the high and intermediate grades (attached Tables 1, 2, 3 and 4)

- Amend matters concerning administrative, physical and technical safeguards for cloud computing services used by national institutions, etc.