Azure Meets the C5 Requirements of BSI
Microsoft meets all requirements for C5 of the German Federal Office for Security and Information Technology (BSI) for its more than 100 international Azure data centers. This was the result of a review of Microsoft.
The BSI's "Cloud Computing Controls Catalogue (C5)" specifies a procedure with which the providers of cloud services can make an independent proof available, that shows, that the products they offer meets necessary security standards. The catalogue requirements are not only based on established standards such as ISO/IEC 27001 and others, but also take into account environmental parameters such as data location, service provision, jurisdiction, certifications as well as investigation and disclosure obligations to government agencies. The C5 catalogue consists of a total of 114 requirements in 17 areas.
The audit also revealed that Microsoft meets the requirements of the Cloud Controls Matrix (CCM) of the Cloud Security Alliance (CSA), too and complies with the trust principles of security, availability, integrity and confidentiality of the Service Organization Controls (SOC).