The list of Security Recommendations for major SAP cloud products is published on the  SAP Trust Center, as shown in Figure 1.

Figure 1: Security Recommendations published on SAP Trust Center

Customers have been asking for a unified view of the security configuration of their deployed cloud solutions. This central visualization should report on the configuration status of SAP services and compare it against recommended settings.
To achieve this goal, we initially had to provide a check list with human readable security recommendations documents.
Together with SAP BTP and SAP Customer Success (owners of the SAP Security Baseline standards [1], mostly covering on premise), we drafted the main structure of the security recommendations. Let us highlight the main differences between the security recommendations and the security guides:

• A security guide is a holistic document, describing all the relevant security parameters as well as their possible values in detail (for example: defining supported encryption settings or enabling or not multifactor authentication);
• Whereas a security recommendation document provides recommendations of specific values for a security setting and restrictions about their usage to enable customers to securely operate production systems. A security recommendation document extracts a list of parameters that customers can influence (namely user-configurable security settings) and it describes, for each setting, the recommended secure values.

Finally, we introduced the requirement for a standardized security recommendation documentation in our software development lifecycle, targeting major SAP cloud products.

[1] Access to SAP customers only