Skip to content
This document focuses on:

The BSI Cloud Computing Compliance Criteria Catalogue (C5) defines a mandatory baseline for the secure operation of cloud services, providing a transparent and verifiable framework for cloud service providers and their customers. It focuses on 17 security domains covering both organizational and technical controls, requiring an independent third-party attestation (Type 1 for a specific date or Type 2 for a sustained period) to demonstrate operational effectiveness. This standard is fundamentally similar to ISO/IEC 27017, which provides cloud-specific security controls building upon ISO/IEC 27001, and it aligns with the cloud security requirements and shared responsibility models outlined in NIST SP 800-144. By incorporating criteria from the Cloud Controls Matrix (CCM), C5 ensures that providers meet high-level European and international security requirements, making it a critical benchmark for regulated industries such as healthcare, finance, and government.


Publication's URL

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/CloudComputing/ComplianceControlsCatalogue-Cloud_Computing-C5.html

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *