The Cloud Computing Compliance Criteria Catalogue (C5) is published by Germany’s Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik or BSI) and specifies minimum requirements for secure cloud computing. There is substantial overlap between C5 and ISO/IEC 27001 and SOC-2 Type II security controls.
F5 is currently undergoing an assessment of the design and operating effectiveness of C5 controls. This certification will include an external auditor’s opinion that F5 Distributed Cloud, Bot Defense and Silverline services have properly implemented an internal control system which conforms to C5 criteria. This C5 report will be available to share with customers under NDA in late May 2024.