Zscaler Zero Trust exchange security platform meets C5 requirements of BSI
August 2022 by Marc Jacob
Zscaler, inc. has received confirmation of its compliance with the requirements of the German Federal Office for Information Security (BSI) C5 catalogue for cloud infrastructure across its 150 global data centers, as approved by an independent auditor. The BSI’s current C5 standard covers 125 requirements in 17 areas and builds on ISO 27001 and 27017 certifications to provide authorities and companies with detailed information on the operation, availability and organisation of the information security and physical security of tested cloud providers. The report demonstrates Zscaler’s ongoing commitment to maintaining the security controls required to operate its Zero Trust Exchange cloud infrastructure, building on federal agency standards.
The cloud computing compliance criteria catalogue (C5) specifies the minimum information security requirements of a cloud service provider. Organisations thus receive transparency when it comes to the security controls of a prospective cloud service, which can be used for the selection of the provider as well as for their own risk management and assessment. In order to support the insight of customers, the C5 report lists information about the general operating conditions, availability and incidence handling, as well as the location of the provider‘s data centres and subcontracting partners. Through the compliance audit, Zscaler’s global security cloud has demonstrated that it meets the requirements for cloud providers that German authorities and public institutions must take into account when selecting a provider.
The Zscaler cloud platform delivers a validated solution to public and private organisations to securely access cloud, internet, and Software-as-a-Service (SaaS) applications from any device or location while meeting or exceeding government requirements and the latest addition of an attestation builds on recent Zscaler certifications including:
• ZIA achieved FedRAMP-High Authorisation
• ZPA achieved FedRAMP-High JAB Authorisation
• ZIA received Authorisation to Operate (ATO) at the Moderate Impact level