The BSI C5 (Cloud Computing Compliance Criteria Catalogue) is increasingly required for German public sector contracts. Check your infrastructure against all BSI C5 controls in minutes.
✓ 1 free scan/month✓ No credit card✓ Hosted in Germany
German federal procurement increasingly requires BSI C5 attestation. Without it, you cannot bid on contracts.
BSI C5 is not a one-time audit. ConformScan keeps you compliant with scheduled scans.
See exactly which BSI C5 controls you fail and get Terraform/CLI remediation snippets.
All data processed on Netcup infrastructure in Karlsruhe. No US subprocessors.
The BSI C5 (Cloud Computing Compliance Criteria Catalogue) was published by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik). It defines minimum security requirements for cloud services used by German public sector organizations.
Who needs it? Cloud service providers targeting German federal agencies, state governments, and public sector organizations must demonstrate BSI C5 compliance. Increasingly, private sector companies working with public entities are also required to comply.
Scope: 17 control areas covering organization, human resources, asset management, physical security, operations, communications, access control, cryptography, procurement, development, incident management, business continuity, and compliance.
1 free scan/month. No credit card. Results in minutes.