The scope of this 2024 Cloud Security Assessment report covers SAP Ariba Buyer Application deployed in Australia, the SAP Ariba Network deployed in the United States, and the SAP Cloud Integration Gateway deployed in Germany using the Information Security Manual (ISM) controls manual published March 2024.

 

The scope of a Cloud Security Assessment (CSA) undertaken by an Infosec Registered Assessor Program (IRAP) certified assessor includes the evaluation of the security fundamentals of SAP, and the regional deployment (where applicable) of the Cloud Service offering.  The resulting attestation created by the assessor is made available as a Cloud Security Assessment (CSA) Pack to organisation’s cyber security team, cloud architects and business representatives to jointly perform a risk assessment and use SAP Cloud Services securely. This CSA Pack will include the Cloud Security Assessment Report (CSAR) and any addendums, the Cloud Security Controls Matrix (CSCM) now renamed to the Cloud Controls Matrix (CCM) detailing the individual controls and the responsibilities of SAP and the cloud consumer.

 

This assessment is undertaken in accordance with the Digital Transformation Agency (DTA)’s Secure Cloud Strategy, and Australian Cyber Security Centre (ACSC)’s Anatomy of a Cloud Assessment and Authorisation Framework guidelines.  For more information see: https://www.cyber.gov.au/acsc/view-all-content/publications/anatomy-cloud-assessment-and-authorisation.

 

The use of these reports is restricted. A copy of this report is available for all SAP customers, prospects, and partners with a non-disclosure agreement in place.