What is BSI C5?
C5 is an attestation scheme whose cloud computing compliance criteria catalogue (C5) defines a baseline security level for cloud computing initially introduced by The Federal Office for Information Security in Germany (BSI Germany) in 2016.
BSI C5 evaluations are based on a criteria catalogue setting a baseline security level for cloud services. It aims at illustrating information security in a transparent way based on a standardized examination and report.
A C5 attestation report provides information about the security of a cloud service, which is based on a standardized examination and report. The C5 criteria are designed for cloud services that are not specifically regulated.
The attestation report is only one part of the risk assessment. Customers evaluate such reports within their own risk analysis. The C5 report is used by cloud service providers, customers and auditors.
All three share the responsibility for establishing and maintaining information security. It is not a legal requirement for cloud customers to use a cloud service provider with a C5 attestation.