MSBFS 2020:7 Controls

We are not lawyers, this is not legal advise.

It is your responsibility to discover what law applies to you and how to best comply with it. In case of doubt, consult your Data Protection Officer (DPO) or equivalent.

Note

Controls not covered below are controls which cannot be fulfilled by Compliant Kubernetes. These include requirements such as:

  • Your management team needs to regularly perform various risk analysis.
  • You need to do background checks when recruiting.
  • You need to activate multi-factor authentication in your Identity Provider.
  • You need to have a policy on how to safely use USB sticks.
  • Requirements which fall under the scope of the application.

If you are a Swedish government agency or a supplier you likely need to comply with MSBFS 2020:7.

Click on the links below to navigate the documentation by control.

MSBFS 2020:7 2 kap. 4 §

MSBFS 2020:7 3 kap. 1 §

MSBFS 2020:7 3 kap. 2 §

MSBFS 2020:7 4 kap. 1 §

MSBFS 2020:7 4 kap. 2 §

MSBFS 2020:7 4 kap. 3 §

MSBFS 2020:7 4 kap. 4 §

MSBFS 2020:7 4 kap. 7 §

MSBFS 2020:7 4 kap. 12 §

MSBFS 2020:7 4 kap. 13 §

MSBFS 2020:7 4 kap. 14 §

MSBFS 2020:7 4 kap. 15 §

MSBFS 2020:7 4 kap. 16 §

MSBFS 2020:7 4 kap. 17 §

MSBFS 2020:7 4 kap. 18 §

MSBFS 2020:7 4 kap. 20 §

MSBFS 2020:7 4 kap. 21 §

MSBFS 2020:7 4 kap. 22 §

Further Reading