C5:2020
The C5 report covers security controls to protect customer data and is available to download from the Cloudflare dashboard.
Created by Germany’s Federal Office for Information Security ("BSI"), C5:2020 is the Cloud Computing Compliance Criteria Catalogue. The C5:2020 is an independent auditing standard introduced in 2016 to evaluate an organization’s security program against a standard of robust cloud security controls.
Frequently asked questions
The C5:2020 standard is an update from 2016 and ensures cloud service providers adhere to a baseline of information security criteria based on ISO 27001 and Cloud Controls Matrix of the Cloud Security Alliance (“CSA”). C5:2020 evaluates an organization’s security program against a standard of robust cloud security controls. Both German government agencies and private companies place a high level of importance on aligning their cloud computing requirements with these standards. Learn more about C5 here.
C5:2020 represents an organization’s measures to comply with German federal data protection laws and other EU regulations. Customers can use Cloudflare’s attestation of services to assist their own C5:2020 compliance.
C5:2020 is a validation against a defined baseline security level for cloud computing that focuses on data protection, structured risk assessments, and continuous monitoring.
C5:2020 is an independent auditing standard and requires attestation from a third-party auditor.
Application Security:
API Shield, Bot Management, DDoS Protection, Page Shield, Rate Limiting, SS/TLS, Turnstile, WAF
Application Performance:
Argo Smart Routing, Cache/CDN, DNS, Load Balancing, Speed, Waiting Room, Zaraz
Secure Access Service Edge (SASE):
Cloudflare One
Zero Trust Services:
Access, Browser Isolation, Cloudflare Tunnel, Cloudflare Zero Trust, Gateway, Zero Trust WARP Client
Network Services:
Magic WAN, Magic Transit, Magic Firewall, Network Interconnect, Spectrum
Developer Platform:
Cloudflare Image Optimization, Cloudflare for SaaS, Durable Objects, Pages, R2, Stream, Workers, Workers KV
Analytics and Insights:
Analytics, Cloudflare Web Analytics, Logs, Radar, Security Center
Privacy and Compliance:
Data Localization
Cloudflare continuously introduces new features/functions across our platform throughout the year. We introduce those to our C5 scope depending on the annual audit cycle.
The C5:2020 report covers security controls to protect customer data and is available to download from the Cloudflare dashboard. Attestation is provided from a third-party auditor annually. Cloudflare requires all future and current customers to sign a nondisclosure agreement ("NDA") before our report is provided.
For detailed instructions, visit Cloudflare’s guide.
Visit Cloudflare’s Trust Hub to learn about additional compliance resources.
Learn more about how Cloudflare’s connectivity cloud capabilities help enterprises streamline and map to compliance requirements across multiple standards by visiting our data compliance and protection page.
Resources
Aligning to NIS2 cyber security risk management obligations in the EU with Cloudflare
How Cloudflare helps address locality obligations, data protection in Europe
Aligning to NIS2 cyber security risk management obligations in the EU with Cloudflare
How Cloudflare helps address locality obligations, data protection in Europe
Aligning to NIS2 cyber security risk management obligations in the EU with Cloudflare
How Cloudflare helps address locality obligations, data protection in Europe