MISSION STATEMENT
To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
Learn More
Latest News 
February 24, 2015
The International Association of Privacy Professionals and Cloud Security Alliance Announce Privacy. Security. Risk. 2015 Conference and Call for Speaker Proposals
The IAPP’s Privacy Academy and CSA Congress present P.S.R., two conferences with one powerhouse program to connect privacy and security professionals Portsmouth, NH – February 23, 2015 – The International Association of Privacy Professionals (IAPP), the largest organization of privacy professionals in the world, and the Cloud Security Alliance (CSA), a not-for-profit organization with a…
February 24, 2015
GAPERTISE JOINS CLOUD SECURITY ALLIANCE AS EXECUTIVE MEMBER
Mobile Application Testing Firm Partners with CSA to Collaborate on Research for Next Generation Mobile Application Testing and Assurance Singapore – February 24, 2015 – The Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within cloud computing, today announced that Gapertise, a…
January 14, 2015
EY helps Ribose Make History with First Cloud Security Alliance (CSA) STAR Attestation
EY helps Ribose Make History with First Cloud Security Alliance (CSA) STAR Attestation
Latest In Research
January 09, 2015
Cloud Security Alliance New Survey Finds Companies are in the Dark on Shadow IT Usage
Security of Data in the Cloud Now an Executive-Level Concern; Skills Gap an Added Barrier to Cloud Adoption
December 09, 2014
Survey Opportunity: CloudWATCH Cloud Certifications guidelines
Share your experience and help us recommend security and privacy certifications to cloud customers, service providers & policy.
October 24, 2014
CSA Seeks Input on Open Peer Review: CSA Quantum-Safe Security Working Group Charter
The focus of the Quantum‐Safe Security working group is on cryptographic methods that will remain safe after the widespread availability of the quantum computer.
certification
CCSK: Certificate of Cloud Security Knowledge
The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud. Learn More
Training
CSA Training
The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training. Learn More
Downloads
Big Data Taxonomy
A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.
Release Date: September 18, 2014
Consensus Assessments Initiative Questionnaire v3.0.1
Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0″
Release Date: July 11, 2014
Cloud Controls Matrix v3.0.1
New and updated mappings, consolidation of redundant controls, rewritten controls for clarity of intent, STAR enablement, and SDO alignment.
Release Date: July 11, 2014
Enterprise Architecture v2.0
The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions that fulfill their common needs to be able to assess where their internal IT and their cloud providers are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.
Release Date: February 25, 2013
Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union
The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent matter, information about the privacy and data protection policies, procedures and practices used when processing personal data that customers upload or store in the CSP’s servers.
Release Date: February 24, 2013
Security Guidance for Critical Areas of Mobile Computing
Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.
Release Date: November 08, 2012
Security Guidance for Critical Areas of Focus in Cloud Computing V3.0
The CSA guidance as it enters its third edition seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable road map to managers wanting to adopt the cloud paradigm safely and securely. Domains have been rewritten to emphasize security, stability and privacy, ensuring corporate privacy in a multi-tenant environment.
Release Date: November 14, 2011
Consensus Assessments Initiative Questionnaire v1.1
Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.
Release Date: September 01, 2011
Cloud Adoption Practices & Priorities Survey Report
Release Date: January 09, 2015
AOSSL and CCM Technote
Release Date: December 18, 2014
Quantum-Safe Security Working Group Charter
Charter outlining the purpose and operations of the Quantum-Safe Security Working Group.
Release Date: December 12, 2014
Big Data Taxonomy
A research document outlining the six dimensions of big data to help decision makers navigate the myriad choices in compute and storage infrastructures as well as data analytics techniques, and security and privacy frameworks.
Release Date: September 18, 2014
Cloud Usage: Risks and Opportunities Survey Report
Release Date: September 15, 2014
Data Protection Heat Index Survey Report
Release Date: September 12, 2014
Consensus Assessments Initiative Questionnaire v3.0.1 Info Sheet
Release Date: July 29, 2014
Cloud Controls Matrix v3.0.1 Info Sheet
Release Date: July 29, 2014
STAR Overview PDF
The CSA STAR Program is a publicly accessible registry designed to recognize the varying assurance requirements and maturity levels of providers and consumers, and is used by customers, providers, industries and governments around the world.
Release Date: July 18, 2014
Security, Trust
& Assurance Registry
STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.
Welcome New Members
The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. We would like to welcome our newest members:
Kronos- Palerra
- Inspur
- Battelle
- EMC
Translate CSA
Get Involved
Learn how you can participate in Cloud Security Alliance's goals to promote the use of best practices for providing security assurance within Cloud Computing.
