Republic of Korea: Announced Revision of Public Notice on Cloud Computing Service Security Certification

On 6 February 2024, the Ministry of Science and ICT (MSIT) announced a draft revision of the "Public Notice on Cloud Computing Service Security Certification". The revision reflects the upper and middle-security grading standards of the cloud security certification system, introduced in January 2023, to promote private cloud usage in the public sector, innovate public services, and enhance the competitiveness of the cloud industry. The revised standards were established through security certification verification projects and analysis of certification evaluation items such as ISO 27001 (Information Security), 27017 (Cloud Security), and FedRAMP (US Federal Government Cloud Security Certification). The revision adds four new evaluation items for upper-grade evaluations. Specifically, additional items such as external network blocking, integrated management of security audit logs, automation of account and access permissions, and automation of security patches were added. For middle-grade evaluations, evaluation items such as system isolation and physical area separation were modified to clarify the inspection contents.