News and Announcements

Press Release

Zscaler Zero Trust Exchange Security Platform Meets C5 Requirements of BSI

Global cloud security leader awarded accreditation with the BSI’s strict catalogue of requirements for cloud computing providers and shows commitment to built on federal agency standards

München, Germany, August, 23, 2022

München, 23. August 2022 - Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, has received confirmation of its compliance with the requirements of the German Federal Office for Information Security (BSI) C5 catalogue for cloud infrastructure across its 150 global data centers, as approved by an independent auditor. The BSI's current C5 standard covers 125 requirements in 17 areas and builds on ISO 27001 and 27017 certifications to provide authorities and companies with detailed information on the operation, availability and organization of the information security and physical security of tested cloud providers. The report demonstrates Zscaler‘sTM ongoing commitment to maintaining the security controls required to operate its Zero Trust ExchangeTM cloud infrastructure, building on federal agency standards.

The Cloud Computing Compliance Criteria Catalogue (C5) specifies the minimum information security requirements of a cloud service provider. Organizations thus receive transparency when it comes to the security controls of a prospective cloud service, which can be used for the selection of the provider as well as for their own risk management and assessment. In order to support the insight of customers, the C5 report lists information about the general operating conditions, availability and incidence handling, as well as the location of the provider‘s data centers and subcontracting partners. Through the compliance audit, Zscaler's global security cloud has demonstrated that it meets the requirements for cloud providers that German authorities and public institutions must take into account when selecting a provider.

“We have added the BSI C5 attestation to our wide range of globally recognised independently audited certifications for the Zscaler Zero Trust Exchange,” comments Marc Lueck, CISO EMEA. “This new external report adds further evidence to the fact that the Zscaler  cloud is already leading, both from a provision of security standpoint as well as for the security of our platform itself and gives customers the confidence they are seeking in their selection process.”

"Zscaler as the leading cloud security company continues to build out our global compliance portfolio, C5 was viewed as a critical certification to in order support the German government and companies.  We believe the C5 criteria catalogue provides authorities and companies with guidance for the selection of a provider," says Kumar Severaj, Senior Director of Compliance at Zscaler Inc. "Our available processes, policies and measures with regard to the required security of the cloud offering have been examined on the basis of the C5 catalogue of requirements, so that authorities and increasingly more privately organised institutions can use them for their own risk assessment."

The Zscaler cloud platform delivers a validated solution to public and private organizations to securely access cloud, internet, and Software-as-a-Service (SaaS) applications from any device or location while meeting or exceeding government requirements and the latest addition of an attestation builds on recent Zscaler certifications including:

  • ZIA™ achieved FedRAMP-High Authorization
  • ZPA™ achieved FedRAMP-High JAB Authorization
  • ZIA™ received Authorization to Operate (ATO) at the Moderate Impact level

Further information about Zscaler’s certification can be found on the compliance website.

Zscaler™ and the other trademarks listed at https://www.zscaler.com/legal/trademarks are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners.

About Zscaler

Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange™ platform protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange™ is the world’s largest in-line cloud security platform.

Media Contacts

Karin Gall, EMEA Public Relations Manager, [email protected]

Natalia Wodecki, Sr. Director, Global Integrated Communications & PR, [email protected]