C5 (Cloud Computing Compliance Criteria Catalogue) is an audited cloud security standard defined by Germany’s national cybersecurity authority, the Federal Office for Information Security (BSI). It establishes a mandatory minimum baseline for cloud security, designed to provide transparency, assurance, and comparability for cloud services used by German government agencies, KRITIS organizations, and regulated sectors such as healthcare and finance. Radware completed its C5 Type I attestation, performed by KPMG, confirming that Radware’s cloud service security controls were designed and implemented effectively at a specific point in time in accordance with the BSI’s C5:2020 framework.
What the C5 Attestation Provides
C5 reports deliver independent, auditor verified assurance regarding:
- The design and implementation of Radware's security controls
- Alignment with German federal cloud-security expectations (BSI C5:2020)
- Transparency into Radware's cloud-service architecture, security measures, operational processes, and supporting environments
- Cloud-provider obligations including availability, data-center locations, incident handling, subcontractor transparency, and evidence-based verification of controls
This information is essential for organizations operating in:
- Government and public sector
- KRITIS/critical infrastructure (energy, telecom, IT, financial institutions, healthcare providers, etc.)
- Healthcare — where C5 compliance is legally mandatory under Section 393 of the German Social Code (SGB V)
- Enterprise sectors requiring demonstrable security assurance, compliance, and risk-mitigation capability
Role of the C5 Attestation
The Radware C5 attestation supports:
- Customer assurance & transparency when evaluating Radware cloud services
- Regulatory alignment with German federal and KRITIS requirements
- Vendor risk-management processes
- Internal governance, procurement, and security oversight
- Support for public-sector and healthcare tenders, where C5 compliance is a prerequisite for doing business
For many partners and MSSPs, C5 is a mandatory requirement before engaging in cloud service discussions.
Radware’s attestation enables these engagements and ensures our solutions meet the expectations of highly regulated markets.
Independent Assessment by KPMG
Radware’s C5 Type I attestation was conducted by KPMG, a globally recognized independent audit firm performing BSI aligned assessments. Their review confirms that Radware’s documented controls meet the stringent expectations established under the C5:2020 framework.
Availability of Radware’s C5 Attestation Report
The C5 Type I report is available to customers and partners upon request.
Because it contains sensitive security information and is subject to auditor copyright restrictions, an NDA is required prior to release.
Request Report