2018 C5 attestation is now available

AWS has completed its 2018 assessment against the Cloud Computing Compliance Controls Catalog (C5) information security and compliance program. Germany’s national cybersecurity authority—Bundesamt für Sicherheit in der Informationstechnik (BSI)—established C5 to define a reference standard for German cloud security requirements. With C5 (as well as with IT-Grundschutz), customers in German member states can use the work performed under this BSI compliance catalog to comply with stringent local requirements.

AWS has added the Irish region DUB and 29 services to this year’s scope:

  • AWS AppSync
  • AWS Batch
  • AWS Certificate Manager
  • AWS CodeBuild
  • AWS CodeCommit
  • AWS Config
  • AWS Firewall Manager
  • AWS IoT Device Management
  • AWS Managed Services
  • AWS OpsWorks
  • AWS Service Catalog
  • AWS Snowball
  • AWS Snowball Edge
  • AWS Snowmobile
  • AWS X-ray
  • Amazon Kinesis Video Streams
  • Amazon Athena
  • Amazon Cloud Directory
  • Amazon Inspector
  • Amazon MQ
  • Amazon Polly
  • Amazon QuickSight
  • Amazon Rekognition
  • Amazon SageMaker
  • Amazon Simple Email Service
  • Amazon SimpleDB
  • Amazon WorkDocs
  • Amazon WorkMail

AWS now has 71 services in scope of C5. In addition, AWS has included the C5 aspect of “Confidentiality” as an advanced C5 testing, which further supports compliance with GDPR by testing the Technical and Organizational Measures (TOMs), and the C5 aspect of “Availability” as an advanced C5 testing, with which customers will achieve a higher independent assurance for the availability of AWS services.

For more information, German readers can take a look at these resources:

The English version of the C5 report is available through AWS Artifact.

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.