MISSION STATEMENT
To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
Learn More
Latest News 
February 26, 2014
Software Defined Perimeter (SDP) Yet To Be Hacked; CSA Ups the Ante on Virtual Hackathon
Winner now to receive full pass to BlackHat, in addition to DEF CON.
February 24, 2014
Cloud Security Alliance Presents Industry Leadership Award To Professor Udo Helmbrecht Of Enisa
Leader of European Union’s cyber security agency honored.
February 13, 2014
CSA Board of Directors Member Alan Boehme to Deliver Closing Keynote at CSA Summit at RSA, on the Software Defined Perimeter
SDP workshop and Open Hackathon on an SDP designed network to follow.
Latest In Research
February 12, 2014
Invitation to CSA CloudBytes: CSA STAR Certification
Don’t miss your chance to join experts and learn more about the CSA STAR Certification on Thursday, February 20th at 11:00am (Pacific Time).
January 27, 2014
Mobile Working Group 2014 Kick-Off Call
Join us as we brief the audience on each of the current initiatives and generate conversation on what’s new for mobile in 2014.
December 09, 2013
Announcing the Consensus Assessments Initiative Questionnaire (CAIQ) V.3 Open Review Period
The Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create tools and create industry partnerships to enable cloud computing assessments.
top downloads
| Title, Description | Version | Release Date | Download |
|---|---|---|---|
| Security Guidance |
3 | 11/14/2011 | Download |
| Cloud Controls Matrix |
3 | 09/26/2013 | Download |
| Consensus Assessments Initiative Questionnaire |
1.1 | 09/01/2011 | Download |
| The Notorious Nine: Cloud Computing Top Threats in 2013 |
1.0 | 02/25/2013 | Download |
| Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union |
1.0 | 02/25/13 | Download |
| CSA Position Paper on AICPA Service Organization Control Reports | 1.0 | 02/25/2013 | Download |
| Security Guidance for Critical Areas of Mobile Computing |
1.0 | 11/08/2012 | Download |
| Top Threats to Mobile Computing |
1.0 | 10/04/2012 | Download |
| Mobile Device Management: Key Components |
1.0 | 09/20/2012 | Download |
| Cloud Consumer Advocacy Questionnaire and Information Survey Results (CCAQIS) |
1 | 11/16/2011 | Download |
| TCI Reference Architecture Model |
2.0 | 02/25/2013 | Download |
| SecaaS Defined Categories of Service 2011 |
1.0 | 09/26/2011 | Download |
| GRC Stack |
-- | -- | Download |
| CSA Chapter Launch Guide |
1.0 | --/--/2011 | Download |
certification
CCSK: Certificate of Cloud Security Knowledge
The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud. Learn More
Training
CSA Training
The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training. Learn More
RESEARCH INITIATIVES
Security Guidance for Critical Areas of Focus in Cloud Computing
Foundational best practices for securing cloud computing.
Security Guidance for Critical Areas of Focus in Cloud Computing
Foundational best practices for securing cloud computing.
Cloud Controls Matrix
Security controls framework for cloud provider and cloud consumers
Cloud Controls Matrix
Security controls framework for cloud provider and cloud consumers
Consensus Assessments Initiative
Research tools and processes to perform consistent measurements of cloud providers
Consensus Assessments Initiative
Research tools and processes to perform consistent measurements of cloud providers
Cloud Audit
Forum in which providers can automate the Audit, Assertion, Assessment, and Assurance (A6) of IaaS, PaaS, and SaaS environments.
Cloud Audit
Forum in which providers can automate the Audit, Assertion, Assessment, and Assurance (A6) of IaaS, PaaS, and SaaS environments.
CloudCERT
Enhance the capability of the cloud community to prepare for and respond to vulnerabilities, threats, and incidents in order to preserve trust in cloud computing.
CloudCERT
Enhance the capability of the cloud community to prepare for and respond to vulnerabilities, threats, and incidents in order to preserve trust in cloud computing.
Trusted Cloud Initiative
Promote Education, Research and Certification of Secure and Interoperable Identity in the Cloud
Trusted Cloud Initiative
Promote Education, Research and Certification of Secure and Interoperable Identity in the Cloud
GRC Stack
An integrated suite of 4 CSA initiatives: CloudAudit, Cloud Controls Matrix, CAI Questionnaire, the Cloud Trust Protocol.
GRC Stack
An integrated suite of 4 CSA initiatives: CloudAudit, Cloud Controls Matrix, CAI Questionnaire, the Cloud Trust Protocol.
Cloud Trust Protocol
The mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.
Cloud Trust Protocol
The mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.
Health Information Managment
Provide direct influence on how health information service providers deliver secure cloud solutions to their clients.
Health Information Managment
Provide direct influence on how health information service providers deliver secure cloud solutions to their clients.
Cloud Data Governance
Understanding the requirements and needs of stakeholders on governing and operating data in the Cloud, and prioritizing and answering the key problems and questions identified by Cloud stakeholders.
Cloud Data Governance
Understanding the requirements and needs of stakeholders on governing and operating data in the Cloud, and prioritizing and answering the key problems and questions identified by Cloud stakeholders.
Security as a Service
Research for gaining greater understanding for how to deliver security solutions via cloud models.
Security as a Service
Research for gaining greater understanding for how to deliver security solutions via cloud models.
Top Threats
Provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.
Top Threats
Provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.
Telecom Working Group
Provide direct influence on how to deliver secure cloud solutions and foster cloud awareness within all aspects of Telecommunications.
Telecom Working Group
Provide direct influence on how to deliver secure cloud solutions and foster cloud awareness within all aspects of Telecommunications.
Innovation Initiative
The CSA Innovation Initiative is a working group within the Cloud Security Alliance (CSA) created to foster secure innovation in information technology.
Innovation Initiative
The CSA Innovation Initiative is a working group within the Cloud Security Alliance (CSA) created to foster secure innovation in information technology.
Mobile Working Group
The CSA Mobile working group will be responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point.
Mobile Working Group
The CSA Mobile working group will be responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point.
Open Certification Framework
The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.
Open Certification Framework
The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.
Privacy Level Agreement
This working group will create PLA templates that can be a powerful self-regulatory harmonization tool.
Privacy Level Agreement
This working group will create PLA templates that can be a powerful self-regulatory harmonization tool.
Incident Management and Forensics
Best practices for incident management and forensics in cloud environments.
Incident Management and Forensics
Best practices for incident management and forensics in cloud environments.
Legal Information Center
The CSA Legal Information Center is an expert-led community resource for global legal issues impacting cloud computing.
Legal Information Center
The CSA Legal Information Center is an expert-led community resource for global legal issues impacting cloud computing.
Security, Trust
& Assurance Registry
STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.
Welcome New Members
The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. We would like to welcome our newest members:
CradlePoint- Adallom
- Elastica
- Cornerstone OnDemand
- SoftLayer
Translate CSA
Get Involved
Learn how you can participate in Cloud Security Alliance's goals to promote the use of best practices for providing security assurance within Cloud Computing.
Cloud Security Readiness Tool
Take a short survey that assesses your current IT environment with regard to systems, processes, and productivity. The survey information creates a custom non-commercial report that provides recommendations on your IT state and helps you evaluate the benefits of cloud computing.
Get Started Now