The Cloud Computing Compliance Criteria Catalogue (C5) is published by Germany’s Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik or BSI) and specifies minimum requirements for secure cloud computing. There is substantial overlap between C5 and ISO/IEC 27001 and SOC-2 Type II security controls.
F5 has completed an assessment of the design and operating effectiveness of C5 controls. This certification will include an external auditor’s opinion that F5 Distributed Cloud, Bot Defense and Silverline services have properly implemented an internal control system which conforms to C5 criteria. This C5 report is available to share with customers under NDA, please contact your account manager for a copy of the report.