Compliance / By country / BSI C5
BSI C5 (Cloud Computing Compliance Criteria Catalogue) and Microsoft 365
Germany's cloud attestation catalogue, often required in cloud procurement. Siemserva by Senserva maps 407+ Microsoft 365 and Entra ID checks to the areas BSI C5 emphasizes, so a scan of your tenant doubles as evidence.
What BSI C5 is
C5 is the BSI's cloud-specific attestation catalogue, frequently required when German organizations procure cloud services. It positions your Microsoft 365 tenant configuration, identity, access, logging, and cryptography, within a defensible cloud security posture.
How Siemserva maps to BSI C5
BSI C5 asks for strong identity, access control, and monitoring. Siemserva evidences those areas with the checks below, each ranked by Severity and checked against your own tenant:
Identity and access management (60 checks)
Conditional Access (60 checks)
Logging and audit (43 checks)
Data protection (24 checks)
Device compliance (220 checks)
See every check with its Severity and remediation in the checks catalog, or the per-control detail in the control reference.
Evidence BSI C5 in your own Microsoft 365
Siemserva by Senserva runs the identity, access, privileged-access, and logging checks above, and 650+ others, against your own tenant: it shows where you meet or miss each requirement, ranks the gaps by Severity, and produces audit-ready evidence and validated fixes to close them.
BSI C5 and Microsoft 365: common questions
Does BSI C5 apply to Microsoft 365?
BSI C5 (Cloud Computing Compliance Criteria Catalogue) does not name Microsoft 365 specifically, but its identity, access-control, and logging requirements are met (or missed) in your Microsoft 365 and Entra ID configuration. That is where Siemserva checks provide the evidence.
How does Siemserva map to BSI C5?
Siemserva runs 407+ Microsoft 365 and Entra ID checks across the areas BSI C5 emphasizes, multi-factor authentication, Conditional Access, privileged access, and logging, ranks the gaps by Severity, and produces audit-ready evidence. It is evidence, not an official mapping or certification.
Is this an official BSI C5 certification?
No. Senserva is not an assessor and issues no certifications. It provides the configuration evidence, Severity ranking, and remediation that make an assessment defensible. Confirm requirements with your assessor or regulator.
More: the frameworks crosswalk, Microsoft 365 compliance by country, and the audit evidence guide.