2019 C5 attestation is now available

AWS has completed its 2019 assessment against the Cloud Computing Compliance Controls Catalog (C5) information security and compliance program. Germany’s national cybersecurity authority—Bundesamt für Sicherheit in der Informationstechnik (BSI)—established C5 to define a reference standard for German cloud security requirements. With C5, customers in German states can use the work performed under this BSI compliance catalog to help them comply with their stringent local requirements.

AWS has added four regions (London, Paris, Stockholm and Singapore); Edge locations in England, France, Germany, Ireland and Singapore; and 30 services to this year’s scope:

  • Amazon Comprehend
  • Amazon DocumentDB
  • Amazon Elastic Container Service for Kubernetes
  • Amazon Elasticsearch Service
  • Amazon FreeRTOS
  • Amazon FSx
  • Amazon GuardDuty
  • Amazon Kinesis Data Analytics
  • Amazon Kinesis Data Firehose
  • Amazon Neptune
  • Amazon Pinpoint
  • Amazon Translate
  • Amazon WorkLink
  • AWS Amplify Console
  • AWS Backup
  • AWS CodeDeploy
  • AWS DataSync
  • AWS Elemental MediaConnect
  • AWS Global Accelerator
  • AWS Glue
  • AWS IoT Greengrass
  • AWS OpsWorks for Chef Automate or AWS OpsWorks for Puppet Enterprise
  • AWS Organizations
  • AWS Resource Groups
  • AWS RoboMaker
  • AWS Secrets Manager
  • AWS Security Hub
  • AWS Server Migration Service
  • AWS Serverless Application Repository
  • AWS Transfer for SFTP

AWS now has 101 services in scope of C5. The current list of services in scope can be found here. For more information, see Cloud Computing Compliance Controls Catalog (C5).

The English version of the C5 report is available through AWS Artifact.

If you have feedback about this blog post, submit comments in the Comments section below.

Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.


Kevin Quaid

Kevin leads Regional Audits and Region Expansions for Security Assurance, supporting customers using and migrating to AWS. He previously managed datacenter site selection and qualification for AWS Infrastructure. He is passionate about leveraging his decade-plus risk management experience at Amazon to drive innovation and cloud adoption.

%d bloggers like this: