Skip to main content

Criteria Catalogue C5:2020

Criteria Catalogue C5:2020
info

Available on Premium subscription plan.

The The Cloud Computing Compliance Controls Catalogue (C5:2020) Available, developed by the German Federal Office for Information Security (BSI), is a standardized framework designed to help organizations ensure the security, transparency, and compliance of cloud services. The framework provides a comprehensive catalog of controls aligned with international standards such as ISO 27001, CSA CCM, and NIST, enabling cloud providers and their customers to assess and demonstrate the trustworthiness of cloud offerings. It was developed in response to the growing reliance on cloud computing and the need for robust, verifiable cloud security and compliance practices.



Criteria Catalogue C5:2020 Resources:
Unicis Platform: EU NIS2
Unicis Platform: EU NIS2
Unicis Cybersecurity Controls app

What is its purpose?

It can be used for a variety of reasons, but the most common are those listed below.

Enhanced Information Security

The C5 framework offers a structured approach to assessing and improving the security posture of cloud environments. It defines specific controls for data protection, incident response, access management, and operational security—helping organizations identify vulnerabilities and implement effective safeguards against threats.

Compliance and Legal Requirements

C5 supports organizations in meeting national and European regulatory obligations, such as the GDPR and cybersecurity legislation. By aligning cloud operations with C5 controls, organizations can demonstrate compliance, monitor adherence to security standards, and maintain accountability through independent audits and transparent reporting.

Stakeholder Trust and Confidence

By adhering to the C5 framework, cloud service providers enhance transparency and build confidence among customers, regulators, and business partners. The framework’s audit-based approach ensures that stakeholders can rely on verified, standardized security practices and documented assurance reports.


Industries

C5 is applicable to a wide range of sectors that rely on cloud computing, including cloud service providers (IaaS, PaaS, SaaS), financial services, healthcare, public sector, manufacturing, and telecommunications—particularly those handling sensitive or regulated data requiring demonstrable security and compliance.


Unicis solution

In the Unicis apps below, you can find The Criteria Catalogue C5:2020 best security controls.

Unicis Platform

Frameworks

General Data Protection Regulation (GDPR)Minimum Viable Secure Product (MVSP)ISO/IEC 27001NIST Cybersecurity Framework v2.0EU NIS 2 DirectiveThe CIS Critical Security Controls for Effective Cyber DefenseC5 (Cloud Computing Compliance Controls Catalogue)System and Organization Controls 2 Type 2EU Cyber Resilience ActEU Digital Operational Resilience Act (DORA)Payment Card Industry Data Security StandardCloud Controls Matrix (CCM)ISO/IEC 42001 Artificial Intelligence Management System (AIMS)Custom Frameworks