Working Groups
Group 1: Architecture and Framework
Responsible for technical architecture and related framework definitions. CSA Guidance Domain 1.
Leadership Contact: Christofer Hoff
Group 2: GRC, Audit, Physical, BCM, DR
Responsible for Governance, Risk Management, Compliance, Auditing, Traditional/Physical Security, Business Continuity Management and Disaster Recovery. CSA Guidance Domains 2, 5 and 8.
Leadership Contact: Shawn Chaput, Jeff Spivey, Karen Worstell
Group 3: Legal and eDiscovery
Responsible for legal guidance, contractual issues, global law, eDiscovery and related issues. CSA Guidance Domains 3 and 4.
Leadership Contact: Jean Pawluk, Francoise Gilbert, Jeffrey Ritter
Group 4: Portability, Interoperability and Application Security
Responsible for application layer security issues and developing guidance to facilitate portability and interoperability between cloud providers. CSA Guidance Domains 7 and 11.
Leadership Contact: Warren Axelrod and Michael Sutton
Group 5: Identity and Access Mgt, Encryption & Key Mgt
Responsible for Identity and Access Management, Encryption and Key Management, identifying enterprise integration issues and solutions. CSA Guidance Domains 12 and 13.
Leadership Contact: Subra Kumaraswamy, Liam Lynch, Scott Matsumoto
Group 6: Data Center Operations and Incident Response
Responsible for Incident Response and Forensics, as well as identifying new issues related to cloud-based Data Center Operations. CSA Guidance Domains 9 and 10.
Leadership Contact: Jeff Reich, Wing Ko, Josh Zachry
Group 7: Information Lifecycle Management and Storage
Responsible for data-related issues in the cloud. CSA Guidance Domains 6 and 14.
Leadership Contact: Ernie Hayden
Group 8: Virtualization and Technology Compartmentalization
Responsible for understanding how to compartmentalize technologies used for multitenancy, including, but not limited to virtualization. CSA Guidance Domain 15.
Leadership Contact: Shail Khiyara, Girish Bhat
Consensus Assessments Initiative
Research tools and processes to perform consistent measurements of cloud providers
Leadership Contact: Jason Witty, Marlin Pohlman
Controls Matrix Working Group
Responsible for projects mapping cloud security controls to industry standards, regulations, frameworks and best practices. CSA Guidance All Domains.
Leadership Contact: Philip Agcaoili, Becky Swain, Marlin Pohlman
Editorial Working Group
Responsible for guidance standards and overall coherence of guidance documents. CSA Guidance All Domains.
Leadership Contact: Rich Mogull, Glenn Brunette
Educational Working Group
Responsible for developing standard educational content and facilitating regional events, conferences and other educational programs.
Leadership Contact: Dennis Hurst, Pam Fusco
Metrics Working Group
Responsible for metrics-related research
Leadership Contact: Lynn Terwoerds
Solution Provider Advisory Council
Corporate members providing cloud solutions or cloud security solutions. Responsible for articulating provider point of view.
Leadership Contact: Tim Matthews, Todd Thiemann
Solution Provider SME Advisory Council
Corporate members providing cloud solutions or cloud security solutions. Dedicated to Subject Matter Experts within our corporate members.
Leadership Contact: John Howie
Top Threats Working Group
Responsible for CSA Top Threats Research.
Leadership Contact: Dan Hubbard, Michael Sutton
Trusted Cloud Initiative
Steering Group Responsible for CSA Trusted Cloud Initiative.
Leadership Contact: Liam Lynch, Nick Nikols
- Architecture subgroup - led by Jairo Orea, ING: Join this subgroup
- Certification subgroup - led by Nico Popp, VeriSign: Join this subgroup
- Implementation subgroup - led by Scott Matsumoto, Cigital: Join this subgroup