Dubai Electronic Security Centre (DESC) Cloud Service Provider (CSP) Security Standard

FAQs

• What is the DESC CSP license?

  DESC CSP license is a certification system to assess if a Cloud Service Provider’s Information Security Management System is properly established, managed and operated. Government and semi-government organizations in Dubai must ensure that any CSP they're using complies with this standard.

• What is the benefit of this license?

  DESC certification provides the necessary cybersecurity assurance for Dubai-based government and semi-government entities who wish to host their workloads in the cloud. 

• Which AWS Services are in scope of the certification?

  The covered AWS services that are within the scope of the DESC certification can be found within AWS Services in Scope by Compliance Program. If you would like to learn more about using these services and/or have interest in other services please contact us. 

• What regions are in scope of the DESC certification?

  The DESC certification covers the AWS Middle East (UAE) Region. 

• How often does the DESC certification audit take place?

  The verification audit will take place yearly, with recertification every 3 years. 

• Can I get a copy of the DESC CSP Standard license?

  Yes. The certification can be downloaded via AWS Artifact. 

• Are there guidelines that customers could use to help them comply with DESC ISR?

  Customers with access to the AWS platform can make use of the DESC ISR CloudFormation Template via the Compliant LandingZone allowing them to deploy a compliant architecture using minimal effort.