The BSI Cloud Computing Compliance Criteria Catalogue (C5) defines a mandatory baseline for the secure operation of cloud services, providing a transparent and verifiable framework for cloud service providers and their customers. It focuses on 17 security domains covering both organizational and technical controls, requiring an independent third-party attestation (Type 1 for a specific date or Type 2 for a sustained period) to demonstrate operational effectiveness. This standard is fundamentally similar to ISO/IEC 27017, which provides cloud-specific security controls building upon ISO/IEC 27001, and it aligns with the cloud security requirements and shared responsibility models outlined in NIST SP 800-144. By incorporating criteria from the Cloud Controls Matrix (CCM), C5 ensures that providers meet high-level European and international security requirements, making it a critical benchmark for regulated industries such as healthcare, finance, and government.
Home / Function (NIST CSF 2.0) / PR - Protect / IR - Infrastructure / Cloud
BSI Cloud Security (C5)
This document focuses on:Cloud