{"id":3629,"date":"2026-05-06T10:44:28","date_gmt":"2026-05-06T08:44:28","guid":{"rendered":"https:\/\/35x.de\/?p=3629"},"modified":"2026-05-06T10:44:30","modified_gmt":"2026-05-06T08:44:30","slug":"bsi-c3a","status":"publish","type":"post","link":"https:\/\/35x.de\/en\/european-sovereign-cloud\/bsi-c3a\/","title":{"rendered":"BSI C3A"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"3629\" class=\"elementor elementor-3629\">\n\t\t\t\t<div class=\"elementor-element elementor-element-61388dcc e-flex e-con-boxed e-con e-parent\" data-id=\"61388dcc\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-327de7f3 elementor-widget elementor-widget-heading\" data-id=\"327de7f3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Der BSI C3A ist da: Das Ende der Briefkasten-Souver\u00e4nit\u00e4t?!<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-35176140 e-flex e-con-boxed e-con e-parent\" data-id=\"35176140\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-10d56cf6 e-con-full e-flex e-con e-child\" data-id=\"10d56cf6\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-78acd484 elementor-widget elementor-widget-text-editor\" data-id=\"78acd484\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Seit dem 27, April 2026 ist der lang erwartete <a title=\"BSI C3A\" href=\"https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/CloudComputing\/C3A_Cloud_Computing_Autonomy.html?nn=520690\" target=\"_blank\" rel=\"noopener\"><strong>BSI C3A<\/strong><\/a> da und beendet die \u00c4ra, in der \u201edigitale Souver\u00e4nit\u00e4t\u201c lediglich ein Synonym f\u00fcr eine deutsche Postanschrift und ein lokales Rechenzentrum war. F\u00fcr viele selbsternannte souver\u00e4ne Anbieter bedeutet dieses Papier ein massives Paket an technologischen Hausaufgaben. Wer bisher nur mit Standort-Marketing gepunktet hat, muss jetzt architektonisch Farbe bekennen.<\/p><p>Aber wie genau trennt jetzt der C3A die Spreu vom Weizen?<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-53cba0fb e-con-full e-flex e-con e-child\" data-id=\"53cba0fb\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-6944832 elementor-widget elementor-widget-image\" data-id=\"6944832\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"878\" height=\"1024\" src=\"https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin-878x1024.png\" class=\"attachment-large size-large wp-image-3631\" alt=\"BSI C3A\" srcset=\"https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin-878x1024.png 878w, https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin-257x300.png 257w, https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin-768x896.png 768w, https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin-1317x1536.png 1317w, https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin-10x12.png 10w, https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin.png 1660w\" sizes=\"(max-width: 878px) 100vw, 878px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-573b5a86 e-flex e-con-boxed e-con e-parent\" data-id=\"573b5a86\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3c080608 elementor-widget elementor-widget-heading\" data-id=\"3c080608\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">1. Daten-Souver\u00e4nit\u00e4t: Architektur schl\u00e4gt Adresse (BSI C3A SOV-3)<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-184936f0 e-flex e-con-boxed e-con e-parent\" data-id=\"184936f0\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-22c7b83d elementor-widget elementor-widget-text-editor\" data-id=\"22c7b83d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Der C3A verlagert die Kontrolle konsequent zur\u00fcck zum Kunden.<\/p><ul><li><strong>Client-Side Encryption (CSE):<\/strong> Der Provider muss Client-Side Encryption erm\u00f6glichen, bei der die Schl\u00fcssel ausschlie\u00dflich beim Kunden au\u00dferhalb der Provider-Umgebung liegen. Das schlie\u00dft den technischen Zugriff des Providers auf die Daten prinzipiell aus.\u00a0\u00a0<\/li><li><strong>External Key Management (EKM):<\/strong> Die Integration externer KMS-Systeme ist f\u00fcr IaaS\/PaaS Pflicht und wird f\u00fcr SaaS als zus\u00e4tzlicher Ma\u00dfstab gesetzt.\u00a0\u00a0<\/li><li><strong>External Identity Provider (IdP):<\/strong> Hier wird es f\u00fcr viele Anbieter eng. Gefordert wird ein <strong>stateless authentication model<\/strong>, das keine Kopien von Benutzerkonten in der Provider-Umgebung erzwingt. Die Autorisierung muss dynamisch \u00fcber Claims direkt vom Kunden-IdP gesteuert werden.\u00a0\u00a0<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-6365d5b8 e-flex e-con-boxed e-con e-parent\" data-id=\"6365d5b8\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-49f642d6 elementor-widget elementor-widget-heading\" data-id=\"49f642d6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">2. Operative Autarkie &amp; Disconnect (BSI C3A SOV-4)<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-72302454 e-con-full e-flex e-con e-child\" data-id=\"72302454\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-d3f8ff4 elementor-widget elementor-widget-text-editor\" data-id=\"d3f8ff4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Souver\u00e4nit\u00e4t bedeutet bei C3A die F\u00e4higkeit zur Isolation. Wer am \u201eTropf\u201c einer globalen Mutter oder eines Drittanbieters h\u00e4ngt, scheitert an diesen H\u00fcrden:<\/p><ul><li><strong>Kill-Switch-Resistenz:<\/strong> Der Anbieter muss in der Lage sein, alle Nicht-EU-Netzwerkverbindungen (inklusive Lizenz- und Heartbeat-Servern) zu kappen, ohne die Verf\u00fcgbarkeit oder Integrit\u00e4t des Dienstes zu gef\u00e4hrden.\u00a0\u00a0<\/li><\/ul><p><strong>Die 90-Tage-Regel:<\/strong> Nach einem Disconnect muss der Betrieb inklusive Update-Prozessen f\u00fcr mindestens 90 Tage autark aufrechterhalten werden k\u00f6nnen.\u00a0\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-56fbcca6 e-flex e-con-boxed e-con e-parent\" data-id=\"56fbcca6\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4ea291e3 elementor-widget elementor-widget-heading\" data-id=\"4ea291e3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">3. Patch-Autonomie: Wissen statt Weiterleitung (BSI C3A SOV-6)<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-6f10bd3c e-con-full e-flex e-con e-child\" data-id=\"6f10bd3c\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2ee2b9c2 elementor-widget elementor-widget-text-editor\" data-id=\"2ee2b9c2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Der C3A fordert echte technologische Tiefe:<\/p><ul><li><strong>Unabh\u00e4ngige Remediation:<\/strong> Im Ernstfall muss der Provider Sicherheitsl\u00fccken <strong>unabh\u00e4ngig vom Software-Hersteller<\/strong> schlie\u00dfen k\u00f6nnen.\u00a0\u00a0<\/li><li><strong>Engineering-Power:<\/strong> Daf\u00fcr m\u00fcssen lokales Spezialisten-Personal und Build-Umgebungen vorgehalten werden, um Notfall-Patches selbst zu kompilieren und auszurollen.\u00a0\u00a0<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-e78d410 e-flex e-con-boxed e-con e-parent\" data-id=\"e78d410\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1ff6f2a elementor-widget elementor-widget-text-editor\" data-id=\"1ff6f2a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Ich finde, der C3A ist der l\u00e4ngst \u00fcberf\u00e4llige Impuls f\u00fcr echten technologischen Fortschritt. Souver\u00e4nit\u00e4t wird von einer juristischen Floskel zu einer <strong>Engineering-Disziplin<\/strong> hochgestuft. Anbieter m\u00fcssen nun beweisen, dass sie ihre Stacks nicht nur betreiben, sondern technologisch beherrschen. Das ist ein Sieg f\u00fcr die IT-Sicherheit und die echte Autonomie der Kunden.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-1d1a2e7 e-flex e-con-boxed e-con e-parent\" data-id=\"1d1a2e7\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3799046 elementor-widget elementor-widget-spacer\" data-id=\"3799046\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-3c13430 e-flex e-con-boxed e-con e-parent\" data-id=\"3c13430\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-9ba91ec elementor-widget elementor-widget-text-editor\" data-id=\"9ba91ec\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Cloud Migration ist nur ein Teil unserer t\u00e4glichen Arbeit und genau solche Erfahrungen m\u00f6chten wir in unserem Blog teilen. Wenn Sie mehr dar\u00fcber erfahren m\u00f6chten, wie wir Technologien einsetzen, Herausforderungen meistern und gemeinsam L\u00f6sungen entwickeln, dann lohnt sich ein Blick in unsere weiteren Beitr\u00e4ge, z.B. zu unseren praktischen Erfahrungen im <a href=\"https:\/\/35x.de\/en\/cloud-basics\/openstack-practice\/\">Use of OpenStack in customer projects<\/a>. Vielleicht finden Sie dort genau die Inspiration, die sie gerade brauchen.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Der BSI C3A ist da: Das Ende der Briefkasten-Souver\u00e4nit\u00e4t?! Seit dem 27, April 2026 ist der lang erwartete BSI C3A da und beendet die \u00c4ra, in der \u201edigitale Souver\u00e4nit\u00e4t\u201c lediglich ein Synonym f\u00fcr eine deutsche Postanschrift und ein lokales Rechenzentrum war. F\u00fcr viele selbsternannte souver\u00e4ne Anbieter bedeutet dieses Papier ein massives Paket an technologischen Hausaufgaben. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3631,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[28,13],"tags":[8,17,18],"class_list":["post-3629","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-european-sovereign-cloud","category-cloud-basics","tag-blog-post","tag-cloud-journey","tag-compliance"],"uagb_featured_image_src":{"full":["https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin.png",1660,1936,false],"thumbnail":["https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin-150x150.png",150,150,true],"medium":["https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin-257x300.png",257,300,true],"medium_large":["https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin-768x896.png",768,896,true],"large":["https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin-878x1024.png",878,1024,true],"1536x1536":["https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin-1317x1536.png",1317,1536,true],"2048x2048":["https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin.png",1660,1936,false],"trp-custom-language-flag":["https:\/\/35x.de\/wp-content\/uploads\/2026\/05\/2026-04-28-Tom-BSI_C3A_Linkedin-10x12.png",10,12,true]},"uagb_author_info":{"display_name":"Thomas Ristic","author_link":"https:\/\/35x.de\/en\/author\/admin\/"},"uagb_comment_info":0,"uagb_excerpt":"Der BSI C3A ist da: Das Ende der Briefkasten-Souver\u00e4nit\u00e4t?! Seit dem 27, April 2026 ist der lang erwartete BSI C3A da und beendet die \u00c4ra, in der \u201edigitale Souver\u00e4nit\u00e4t\u201c lediglich ein Synonym f\u00fcr eine deutsche Postanschrift und ein lokales Rechenzentrum war. F\u00fcr viele selbsternannte souver\u00e4ne Anbieter bedeutet dieses Papier ein massives Paket an technologischen Hausaufgaben.&hellip;","_links":{"self":[{"href":"https:\/\/35x.de\/en\/wp-json\/wp\/v2\/posts\/3629","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/35x.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/35x.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/35x.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/35x.de\/en\/wp-json\/wp\/v2\/comments?post=3629"}],"version-history":[{"count":14,"href":"https:\/\/35x.de\/en\/wp-json\/wp\/v2\/posts\/3629\/revisions"}],"predecessor-version":[{"id":3646,"href":"https:\/\/35x.de\/en\/wp-json\/wp\/v2\/posts\/3629\/revisions\/3646"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/35x.de\/en\/wp-json\/wp\/v2\/media\/3631"}],"wp:attachment":[{"href":"https:\/\/35x.de\/en\/wp-json\/wp\/v2\/media?parent=3629"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/35x.de\/en\/wp-json\/wp\/v2\/categories?post=3629"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/35x.de\/en\/wp-json\/wp\/v2\/tags?post=3629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}