What is the Cloud Computing Compliance Criteria Catalogue?

IONOS editorial team27/05/20243 mins

The Cloud Computing Compliance Criteria Catalogue (C5) is a catalogue of standards specifically tailored to meet the security needs of cloud computing services. This guide, created by the Federal Office for Information Security (BSI), acts as a framework for evaluating and verifying the security implementations that cloud service providers have in place.

What does the Cloud Computing Compliance Criteria Catalogue entail?

The C5 Catalogue is a set of criteria published by the Federal Office for Information Security in 2016. It outlines the minimum standards for secure cloud computing and compiles the requirements that cloud service providers need to fulfil in order to be recognised as reliable partners for handling and processing sensitive data.

Currently, the criteria catalogue includes 17 topics and addresses more than 120 criteria. The latest edition of the catalogue, released in 2020, outlines requirements in various areas such as:

Organisation of information security
Security policies and operating procedures
Physical security
Standard operating procedures
Identity and access management
Cryptography and key management
Secure communications
Security incident management

Who are the C5 compliance criteria relevant for?

The criteria described in the catalogue are primarily aimed at organisations and companies that provide cloud services. The C5 catalogue is particularly important for German cloud service providers and cloud storage providers that manage or store sensitive data. With its uniform standards, it offers a framework that providers can use as a guide to ensure the personal data they store is safe and that security risks are minimised.

It’s not only providers who benefit. Cloud service clients can utilise the criteria catalogue to get an understanding of the key aspects of information security within cloud computing. This allows them to make a well-informed choice regarding where to store and place their personal data.

IONOS S3 Object Storage

Secure, affordable storage

Cost-effective, scalable storage that integrates into your application scenarios. Protect your data with highly secure servers and individual access control.

What distinguishes C5-certified providers?

Generally, providers that achieve the C5 certification distinguish themselves by adhering to the rigorous security standards outlined in the BSI’s Cloud Computing Compliance Criteria Catalogue. As this catalogue encompasses all aspects of information security, C5-certified cloud providers are typically regarded as secure. While this does not imply that security incidents are entirely preventable, customers can trust that their data is protected and that any events will be handled in a professional way.

Exactly which criteria are met depends on the individual service provider, as the criteria catalogue distinguishes between basic and additional criteria. Basic criteria must be met to receive certification. Additional criteria, on the other hand, may be fulfilled optionally in order to achieve an even higher level of protection.

What are other security certifications?

The C5 certification isn’t the only relevant certification for cloud providers. The criteria in the C5 catalogue come from a range of national and international standards, each of which holds its own significance:

ISO/IEC 27001 certification: Requirements for introducing, implementing, monitoring and improving a documented information security management system
BSI IT Basic Protection guide: Best practices for implementing security measures
ISO/IEC 27002 certification: Information on implementing security mechanisms in information security management systems and on other aspects of information security.

The ISO 27001 standard is of particular importance for IT service providers and cloud providers. It is much broader than the C5 Cloud Computing Compliance Criteria Catalogue and covers not only cloud services, but also various aspects of information security management. In this way, it creates a more general framework for information security.

Was this article helpful?

Gaia-X

Google, Amazon, Facebook, Alibaba, Tencent: Data infrastructure is dominated by a few large corporations, none of which come from Europe. Gaia-X aims to change that. A group of politicians, businesspeople, and researchers hope the concept will strengthen the development of…

What is the most secure cloud storage? 3 secure clouds to consider

If you like to store your data in the cloud, you’ve probably wondered which cloud storage is the most secure. In order to assess the security of a cloud service, various factors such as the server location or the data encryption must be considered. We show you which security…

CloudTools

What is Cybersecurity?

More and more dangers are creeping into the digital world. So it is no surprise that the issue of cybersecurity is gaining more and more weight and is taking a leading role in the fight against cybercrime. But how can you protect yourself from dangers on the network? And what is…

Security

What is tailgating and how to protect your company

While many companies focus on protecting themselves against digital attacks, it’s important not to underestimate the importance of physical security. Tailgating is one such threat. While not based on the latest technology, it still poses a significant danger. We’ll take a look at…