Research Initiatives
Security Guidance for Critical Areas of Focus in Cloud Computing
Foundational best practices for securing cloud computing
- Download Version 2.1 (English), released December 17, 2009
- Download Identity & Access Management Whitepaper, released April 27, 2010
- Download Application Security Whitepaper, released July 28, 2010
- Go to Guidance page (other languages, deprecated versions)
Controls Matrix
Security controls framework for cloud providers and cloud consumers
- Download Version 1.0 (English), released April 27, 2010
- Go to Controls Matrix page (other file formats)
Consensus Assessments Initiative
Research tools and processes to perform consistent measurements of cloud providers
Cloud Metrics
Metrics designed for Cloud Controls Matrix and CSA Guidance
Trusted Cloud Initiative
Secure, interoperable identity in the cloud
- Download Identity & Access Management Whitepaper
- Go to Trusted Cloud page
Top Threats to Cloud Computing
Threat research updated twice yearly
- Download Top Threats Report V1.0
- Go to Top Threats page
CloudAudit (partner project)
The goal of CloudAudit is to provide a common interface and namespace that allows cloud computing providers to automate the Audit, Assertion, Assessment, and Assurance (A6) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allows authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology.
- Go to website
Common Assurance Maturity Model (partner project)
Provides an objective framework for transparently benchmarking capabilities to deliver information assurance maturity of selected solutions across one's supply chain. Broad coalition led by ENISA. Site coming soon.
Full Working Group Listing
Group 1: Architecture and Framework
Responsible for technical architecture and related framework definitions. CSA Guidance Domain 1.
Leadership Contact: Christofer Hoff
Group 2: GRC, Audit, Physical, BCM, DR
Responsible for Governance, Risk Management, Compliance, Auditing, Traditional/Physical Security, Business Continuity Management and Disaster Recovery. CSA Guidance Domains 2, 5 and 8.
Leadership Contact: Shawn Chaput, Jeff Spivey, Karen Worstell
Group 3: Legal and eDiscovery
Responsible for legal guidance, contractual issues, global law, eDiscovery and related issues. CSA Guidance Domains 3 and 4.
Leadership Contact: Jean Pawluk, Francoise Gilbert, Jeffrey Ritter
Group 4: Portability, Interoperability and Application Security
Responsible for application layer security issues and developing guidance to facilitate portability and interoperability between cloud providers. CSA Guidance Domains 7 and 11.
Leadership Contact: Warren Axelrod and Michael Sutton
Group 5: Identity and Access Mgt, Encryption & Key Mgt
Responsible for Identity and Access Management, Encryption and Key Management, identifying enterprise integration issues and solutions. CSA Guidance Domains 12 and 13.
Leadership Contact: Subra Kumaraswamy, Liam Lynch, Scott Matsumoto
Group 6: Data Center Operations and Incident Response
Responsible for Incident Response and Forensics, as well as identifying new issues related to cloud-based Data Center Operations. CSA Guidance Domains 9 and 10.
Leadership Contact: Jeff Reich, Wing Ko, Josh Zachry
Group 7: Information Lifecycle Management and Storage
Responsible for data-related issues in the cloud. CSA Guidance Domains 6 and 14.
Leadership Contact: Ernie Hayden
Group 8: Virtualization and Technology Compartmentalization
Responsible for understanding how to compartmentalize technologies used for multitenancy, including, but not limited to virtualization. CSA Guidance Domain 15.
Leadership Contact: Shail Khiyara, Girish Bhat
Consensus Assessments Initiative
Research tools and processes to perform consistent measurements of cloud providers
Leadership Contact: Jason Witty, Marlin Pohlman
Controls Matrix Working Group
Responsible for projects mapping cloud security controls to industry standards, regulations, frameworks and best practices. CSA Guidance All Domains.
Leadership Contact: Philip Agcaoili, Becky Swain, Marlin Pohlman
Editorial Working Group
Responsible for guidance standards and overall coherence of guidance documents. CSA Guidance All Domains.
Leadership Contact: Rich Mogull, Glenn Brunette
Educational Working Group
Responsible for developing standard educational content and facilitating regional events, conferences and other educational programs.
Leadership Contact: Dennis Hurst, Pam Fusco
Metrics Working Group
Responsible for metrics-related research.
Leadership Contact: Lynn Terwoerds
Solution Provider Advisory Council
Corporate members providing cloud solutions or cloud security solutions. Responsible for articulating provider point of view.
Leadership Contact: Tim Matthews, Todd Thiemann
Solution Provider SME Advisory Council
Corporate members providing cloud solutions or cloud security solutions. Dedicated to Subject Matter Experts within our corporate members.
Leadership Contact: John Howie
Top Threats Working Group
Responsible for CSA Top Threats Research.
Leadership Contact: Dan Hubbard, Michael Sutton
Trusted Cloud Initiative
Steering Group Responsible for CSA Trusted Cloud Initiative.
Leadership Contact: Liam Lynch, Nick Nikols
- Architecture subgroup - led by Jairo Orea, ING
- Certification subgroup - led by Nico Popp, VeriSign
- Implementation subgroup - led by Scott Matsumoto, Cigital