BSI C5 (Cloud Computing Compliance Criteria Catalogue)

C5:2020 defines basic and additional criteria across 17 control areas. Assessments are performed by accredited auditors and the resulting C5 attestation (Type 1 or Type 2) is widely required by German regulated industries (especially financial services and government).