Cloud Computing Compliance Controls Catalog - Navigating GDPR Compliance on AWS

This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.

The Cloud Computing Compliance Controls Catalog (C5) is a German government-backed attestation scheme that was introduced in Germany by the Federal Office for Information Security (BSI). It was created to help organizations demonstrate operational security against common cyberattacks within the context of the German government's Security Recommendations for Cloud Providers.

The technical and organizational measures of data protection and the measures for information security both target data security, to ensure confidentiality, integrity, and availability. C5 defines security requirements that can also be relevant for data protection. AWS customers and their compliance advisors can use the C5 attestation as a resource to understand the range of IT-Security assurance services that AWS offers them as they move their workloads to the cloud. C5 adds the regulatory-defined IT-Security level equivalent to the IT-Grundschutz, with the addition of cloud-specific controls.

C5 adds more controls that provide information pertaining to data location, service provisioning, place of jurisdiction, existing certification, information disclosure obligations, and a full-service description. Using this information, you can evaluate how legal regulations (such as data privacy), your own policies, or the threat environment relate to your use of cloud computing services.