BSI C5:2025 AWS Compliance Check
Cloud security standard from the German Federal Office for Information Security. 413 checks, 610 requirements
Framework overview
BSI C5:2025
BSI C5:2025 (Cloud Computing Compliance Criteria Catalogue) comes from Germany's Federal Office for Information Security. Its 610 requirements across 17 domains make it the benchmark for public sector contracts and critical infrastructure operators in Germany, Austria, and Switzerland. Many government tenders require BSI C5 compliance as a prerequisite.
Who needs this
Relevant for
Public sector contractors, critical infrastructure operators, cloud providers in DACH region
What the scan checks
Example check areas
Identity & access management, cryptography, operational security, network security, compliance evidence
Frequently asked questions
What is BSI C5 and why does it matter in Germany?
BSI C5:2025 is the cloud security standard from Germany's Federal Office for Information Security. Public sector contracts and critical infrastructure tenders in Germany, Austria, and Switzerland often require BSI C5 compliance as a prerequisite. Without it, you cannot bid.
What does the BSI C5 scan check?
413 controls across 17 domains: identity and access management, cryptography, operational security, network security, physical security, and compliance evidence. The scan produces a gap analysis against all 610 BSI C5:2025 requirements.
Is BSI C5 relevant outside the public sector?
Increasingly, yes. Private companies in the DACH region adopt BSI C5 as a cloud security baseline, especially critical infrastructure operators and cloud service providers. It also maps well to ISO 27001, reducing duplicate compliance effort.