The Cloud and Hosting Services Standard v.1 (2019) provides a regulatory and technical framework for Omani government agencies to adopt cloud services securely and efficiently. It outlines:

 Cloud Computing Fundamentals

• Covers essential characteristics (e.g., on-demand self-service, resource pooling).

• Explains service models (SaaS, PaaS, IaaS).

• Defines deployment models (Private, Community, Public, Hybrid).

 Requirements for Cloud Service Providers (CSPs)

• Security: Must comply with standards such as ISO/IEC 27001, 27017, 27018, and CSA’s CCM.

• Privacy: CSPs must ensure secure data handling and allow government audits.

• Data Sovereignty: All data must remain within Oman’s borders, including backups.

• Access & Confidentiality: Government retains data ownership; CSPs must follow strict access and non-disclosure policies.

 CSP Accreditation

• Must undergo third-party security assessments.

• Accreditation remains valid if certifications and security standards are maintained.

• Continuous monitoring and reporting to MTC are mandatory.

 Cloud Standards (Annex A)

• Security: Extensive mapping to global standards (e.g., ISO, NIST, CSA).

• Interoperability & Portability: Emphasis on CDMI, OVF, TOSCA for easy migration.

• Performance: Highlights importance of SLAs and scalability.

• Accessibility: Requires compliance with WCAG and ISO accessibility standards.