C5 Type 2 attestation report now available with 141 services in scope
Amazon Web Services (AWS) is pleased to announce the issuance of the new Cloud Computing Compliance Controls Catalogue (C5) Type 2 attestation report. We added 18 additional services and service features to the scope of the 2021 report.
Germany’s national cybersecurity authority, Bundesamt für Sicherheit in der Informationstechnik (BSI), established C5 to define a reference standard for German cloud security requirements. The C5 Type 2 report covers the time period from October 1, 2020, through September 30, 2021. It was issued by an independent third-party attestation organization, and assesses the design and the operational effectiveness of AWS’s controls against the new version C5:2020’s basic and additional criteria.
Customers in Germany and other European countries can use AWS’s attestation report to confirm that AWS meets the security requirements of the C5:2020 framework, and to review the details of the tested controls. This attestation demonstrates our commitment to meet and exceed the security expectations for cloud service providers set by the BSI.
AWS has added the following 18 services and service features to the new C5 scope:
- AWS App Mesh
- AWS Audit Manager
- Amazon Augmented AI [Excludes Public Workforce and Vendor Workforce for all features]
- AWS Chatbot
- AWS Cloud9
- AWS Cloud Map
- Amazon CloudWatch SDK Metrics for Enterprise Support
- Amazon Detective
- Amazon EC2 Image Builder
- Amazon FinSpace
- Amazon Fraud Detector
- AWS Glue DataBrew
- Amazon Kendra
- Amazon KeySpaces (for Apache Cassandra)
- Amazon Macie Classic
- AWS Network Firewall
- AWS Single Sign-On
- Amazon Timestream
You can see a current list of the services in scope for C5 on the AWS Services in Scope by Compliance Program page.
AWS strives to continuously bring services into scope of its compliance programs to help you meet your architectural and regulatory needs. Please reach out to your AWS account team if you have questions or feedback about the C5 report.
The C5 report and Continuing Operations Letter is available to AWS customers through AWS Artifact. For more information, see Cloud Computing Compliance Controls Catalogue (C5).
If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, contact AWS Support.
Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.