AWS Security Blog
2018 C5 attestation is now available
May 22, 2019 update: We’ve removed a reference to the IT-Grundschutz Certification Workbook. AWS now recommends that customers refer to the Cloud Computing Compliance Controls Catalog (C5) instead. Learn more about C5 here: https://thinkwithwp.com/compliance/bsi-c5/
AWS has completed its 2018 assessment against the Cloud Computing Compliance Controls Catalog (C5) information security and compliance program. Germany’s national cybersecurity authority—Bundesamt für Sicherheit in der Informationstechnik (BSI)—established C5 to define a reference standard for German cloud security requirements. With C5, customers in German member states can use the work performed under this BSI compliance catalog to comply with stringent local requirements.
AWS has added the Irish region DUB and 29 services to this year’s scope:
- AWS AppSync
- AWS Batch
- AWS Certificate Manager
- AWS CodeBuild
- AWS CodeCommit
- AWS Config
- AWS Firewall Manager
- AWS IoT Device Management
- AWS Managed Services
- AWS OpsWorks
- AWS Service Catalog
- AWS Snowball
- AWS Snowball Edge
- AWS Snowmobile
- AWS WAF
- AWS X-Ray
- Amazon Kinesis Video Streams
- Amazon Athena
- Amazon Cloud Directory
- Amazon Inspector
- Amazon MQ
- Amazon Polly
- Amazon QuickSight
- Amazon Rekognition
- Amazon SageMaker
- Amazon Simple Email Service
- Amazon SimpleDB
- Amazon WorkDocs
- Amazon WorkMail
AWS now has 71 services in scope of C5. In addition, AWS has included two C5 aspects as advanced C5 testing: “Confidentiality,” which further supports compliance with GDPR by testing the Technical and Organizational Measures (TOMs), and “Availability,” which gives customers higher independent assurance for the availability of AWS services.
For more information, German readers can take a look at these resources:
- Trusted Cloud Data Protection Profile V1.0 to C5
- ISACA recommendation of C5 for internal audit purposes, including this brochure and this short publication.
- This BSI definition of a valid C5 attestation
The English version of the C5 report is available through AWS Artifact.