CSA Research Publications
Whitepapers, Reports and Other Resources
Browse Publications
Security Enabled Innovation and Cloud Trends Expel commissioned CSA to develop a survey and report to understand better the industry’s knowledge, attitudes, and opinions regarding security’s relation... Request to download | |
Security Implications of ChatGPT This position paper provides analysis across four dimensions: How it can benefit cybersecurity, how it can benefit malicious attackers, how ChatGPT might ... Request to download | |
Serverless Working Group Charter 2023 The Serverless Working Group seeks to develop best practices to help organizations that want to run their business with a serverless computing model. Serv... Request to download | |
Zero Trust Guiding Principles Zero Trust is a strategic mindset that is highly useful for organizations to adopt as part of their digital transformations and other efforts to increase ... Request to download | |
Zero Trust Principles and Guidance for Identity and Access Management (IAM) Identity and the ability to consume information about that identity as well as other Zero Trust (ZT) signals (additional attributes about an identity), is... Request to download | |
What is IAM for the Cloud? The threat landscape has materially changed over the years to the point that Identity and Access Management (IAM) is a core component of any digital acces... Request to download | |
Cloud and Compromise (C&C): Gamifying of Cloud Security CSA’s Top Threats Working Group works to identify the most significant cloud security threats, vulnerabilities, and weaknesses; analyze major incidents; a... Request to download | |
CSA Code of Conduct Gap Resolution and Annex 10 to the CSA Code of Conduct for GDPR Compliance This bundle from the CSA Privacy Level Agreement Working Group includes:CSA Code of Conduct Gap Resolution spreadsheetAnnex 10 to the CSA Code of Conduct ... Request to download | |
Security Implications of ChatGPT - Japanese Translation This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... Request to download | |
Understanding Cloud Attack Vectors The goal of the document is to map the various attack vectors that are actually being used during cloud-based attacks in IaaS/PaaS and to map the vectors ... Request to download | |
State of Financial Services in Cloud In recent years, the financial services industry has increasingly adopted cloud services. This trend is expected to continue with the further adoption and... Request to download | |
State of SaaS Security: 2023 Survey Report In today’s digital landscape, SaaS has emerged as a vital lifeline for operations in organizations big and small. As businesses entrust the cloud with the... Request to download | |
High Performance Computing Tabletop Guide This guide lays out the framework necessary to host a High Performance Computing (HPC)-focused cyberattack tabletop exercise (TTX) so that organizations c... Request to download | |
Medical Devices in A Zero Trust Architecture - Japanese Translation This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... Request to download | |
CCM Machine Readable Bundle (JSON/YAML/OSCAL) CSA provides in a machine-readable format the CCM Controls, CAIQ Security Questionnaire, Implementation Guidelines (both JSON/YAML and OSCAL) and Mappings... Request to download | |
How to Design a Secure Serverless Architecture (2023 Version) - Japanese Translation This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... Request to download | |
Enterprise Authority to Operate Working Group Charter 2023 The mission of the Enterprise Authority to Operate (EATO) Working Group is to develop, maintain, review, update, support and deploy of a concentrated assessm... Request to download | |
Medical Devices in A Zero Trust Architecture Today’s medical devices often connect to the cloud, which increases the risk by expanding the attack surface. This presents the Healthcare Delivery Organi... Request to download | |
An Agile Data Doctrine for a Secure Data Lake Data is now a significant asset in most organizations around the globe, whether government, business, or not-for-profit; the inevitable shift toward its u... Request to download | |
The Six Pillars of DevSecOps: Automation - Japanese Translation This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... Request to download |