+Product Safety and Security (PSS)
---+PSS-01 Guidelines and Recommendations for Cloud Service Customers
------+PSS-01.01B
------+PSS-01.02B
------+PSS-01.03B
------+PSS-01.04B
------+PSS-01.01AC
------+PSS-01 Supplementary Information - Complementary Customer Criteria
---+PSS-02 Identification of Vulnerabilities of the Cloud Service
------+PSS-02.01B
------+PSS-02.02B
------+PSS-02.03B
------+PSS-02.01AC
---+PSS-03 Informing Customers about Known Vulnerabilities
------+PSS-03.01B
------+PSS-03.02B
------+PSS-03.03B
------+PSS-03.04B
------+PSS-03.05B
------+PSS-03.01AC
------+PSS-03.02AC
------+PSS-03 Supplementary Information - Complementary Customer Criteria
---+PSS-04 Error handling and Logging Mechanisms
------+PSS-04.01B
------+PSS-04.02B
------+PSS-04.03B
------+PSS-04.04B
------+PSS-04.05B
------+PSS-04.06B
------+PSS-04.01AC
------+PSS-04 Supplementary Information - Complementary Customer Criteria
---+PSS-05 Authentication Mechanisms
------+PSS-05.01B
------+PSS-05.02B
------+PSS-05.01AC
------+PSS-05 Supplementary Information - Complementary Customer Criteria
---+PSS-06 Session Management
------+PSS-06.01B
------+PSS-06.02B
------+PSS-06 Supplementary Information - Complementary Customer Criteria
---+PSS-07 Confidentiality of Authentication Information
------+PSS-07.01B
------+PSS-07.02B
------+PSS-07.03B
------+PSS-07 Supplementary Information - Complementary Customer Criteria
---+PSS-08 Roles and Rights Framework
------+PSS-08.01B
------+PSS-08.02B
------+PSS-08.03B
------+PSS-08.04B
------+PSS-08 Supplementary Information - Complementary Customer Criteria
---+PSS-09 Authorisation Mechanisms
------+PSS-09.01B
------+PSS-09.02B
------+PSS-09.03B
------+PSS-09.01AC
------+PSS-09 Supplementary Information - Complementary Customer Criteria
---+PSS-10 Software Defined Networking
------+PSS-10.01B
------+PSS-10.02B
------+PSS-10 Supplementary Information - Complementary Customer Criteria
---+PSS-11 Images for Virtual Machines and Containers
------+PSS-11.01B
------+PSS-11.01AC
------+PSS-11.02AC
------+PSS-11 Supplementary Information - Complementary Customer Criteria
---+PSS-12 Region of Data Processing and Storage
------+PSS-12.01B
------+PSS-12.02B
------+PSS-12.03B
------+PSS-12.04B
------+PSS-12.01AC
------+PSS-12.02AC
------+PSS-12.01AS
------+PSS-12.02AS
------+PSS-12 Supplementary Information - Complementary Customer Criteria

1. Overview

Product Safety and Security (PSS)

Objective: Provide up-to-date information on the secure configuration and known vulnerabilities of the cloud service for cloud service customers, appropriate mechanisms for troubleshooting and logging, as well as authentication and authorisation of users of cloud service customers

Summary	Standard
PSS-01 Guidelines and Recommendations for Cloud Service Customers	-
PSS-02 Identification of Vulnerabilities of the Cloud Service	-
PSS-03 Informing Customers about Known Vulnerabilities	-
PSS-04 Error handling and Logging Mechanisms	-
PSS-05 Authentication Mechanisms	-
PSS-06 Session Management	-
PSS-07 Confidentiality of Authentication Information	-
PSS-08 Roles and Rights Framework	-
PSS-09 Authorisation Mechanisms	-
PSS-10 Software Defined Networking	-
PSS-11 Images for Virtual Machines and Containers	-
PSS-12 Region of Data Processing and Storage	-

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html

Impressum