MISSION STATEMENT
To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
Learn More
Latest News 
April 02, 2014
Cloud Security Alliance (CSA) Announces SAP Has Joined CSA as an Executive Corporate Member
SAP will participate in key research with the CSA on Horizon 2020 – the EU framework programme for research and innovation.
April 01, 2014
SIT Partners The Cloud Security Alliance In Landmark Agreement
SIT students will have the opportunity to participate in CSA events in Asia Pacific, and will be given priority placements to work with CSA during the course of their studies.
March 17, 2014
Cloud Security Alliance Opens Call for Presentations for EMEA Congress 2014
The Cloud Security Alliance and MIS Training Institute have opened the call for papers for the 2014 EMEA Congress, to be held November 19-20th at the Parco dei Principi in Rome.
Latest In Research
April 09, 2014
CSA Seeks Input on Open Peer Review: CAIQ v3.0.1
CSA has kicked off the Consensus Assessment Initiative Questionnaire (CAIQ) v3.0.1 open peer review period, to be held now through May 8, 2014.
April 09, 2014
CSA Seeks Input on Open Peer Review: CCM v3.0.1
Cloud Security Alliance announces an open peer review period for the Cloud Controls Matrix (CCM) v3.0.1, now through May 8, 2014.
April 03, 2014
Cloud Security Alliance Announces Launch Of Privacy Level Agreement (PLA) V.2 Working Group
PLA v2 seeks to provide a clear and effective way to communicate to customers the level of data protection offered by a CSP.
top downloads
| Title, Description | Version | Release Date | Download |
|---|---|---|---|
| Security Guidance |
3 | 11/14/2011 | Download |
| Cloud Controls Matrix |
3 | 09/26/2013 | Download |
| Consensus Assessments Initiative Questionnaire |
1.1 | 09/01/2011 | Download |
| The Notorious Nine: Cloud Computing Top Threats in 2013 |
1.0 | 02/25/2013 | Download |
| Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union |
1.0 | 02/25/13 | Download |
| CSA Position Paper on AICPA Service Organization Control Reports | 1.0 | 02/25/2013 | Download |
| Security Guidance for Critical Areas of Mobile Computing |
1.0 | 11/08/2012 | Download |
| Top Threats to Mobile Computing |
1.0 | 10/04/2012 | Download |
| Mobile Device Management: Key Components |
1.0 | 09/20/2012 | Download |
| Cloud Consumer Advocacy Questionnaire and Information Survey Results (CCAQIS) |
1 | 11/16/2011 | Download |
| TCI Reference Architecture Model |
2.0 | 02/25/2013 | Download |
| SecaaS Defined Categories of Service 2011 |
1.0 | 09/26/2011 | Download |
| GRC Stack |
-- | -- | Download |
| CSA Chapter Launch Guide |
1.0 | --/--/2011 | Download |
certification
CCSK: Certificate of Cloud Security Knowledge
The Certificate of Cloud Security Knowledge (CCSK) is designed to ensure that a broad range of professionals with a responsibility related to cloud computing have a demonstrated awareness of the security threats and best practices for securing the cloud. Learn More
Training
CSA Training
The Cloud Security Alliance offers training in the following three areas: CCSK training, PCI Cloud training, GRC Stack training. Learn More
RESEARCH INITIATIVES
Security Guidance for Critical Areas of Focus in Cloud Computing
Foundational best practices for securing cloud computing.
Security Guidance for Critical Areas of Focus in Cloud Computing
Foundational best practices for securing cloud computing.
Cloud Controls Matrix
Security controls framework for cloud provider and cloud consumers
Cloud Controls Matrix
Security controls framework for cloud provider and cloud consumers
Consensus Assessments Initiative
Research tools and processes to perform consistent measurements of cloud providers
Consensus Assessments Initiative
Research tools and processes to perform consistent measurements of cloud providers
Cloud Audit
Forum in which providers can automate the Audit, Assertion, Assessment, and Assurance (A6) of IaaS, PaaS, and SaaS environments.
Cloud Audit
Forum in which providers can automate the Audit, Assertion, Assessment, and Assurance (A6) of IaaS, PaaS, and SaaS environments.
CloudCERT
Enhance the capability of the cloud community to prepare for and respond to vulnerabilities, threats, and incidents in order to preserve trust in cloud computing.
CloudCERT
Enhance the capability of the cloud community to prepare for and respond to vulnerabilities, threats, and incidents in order to preserve trust in cloud computing.
Trusted Cloud Initiative
Promote Education, Research and Certification of Secure and Interoperable Identity in the Cloud
Trusted Cloud Initiative
Promote Education, Research and Certification of Secure and Interoperable Identity in the Cloud
GRC Stack
An integrated suite of 4 CSA initiatives: CloudAudit, Cloud Controls Matrix, CAI Questionnaire, the Cloud Trust Protocol.
GRC Stack
An integrated suite of 4 CSA initiatives: CloudAudit, Cloud Controls Matrix, CAI Questionnaire, the Cloud Trust Protocol.
Cloud Trust Protocol
The mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.
Cloud Trust Protocol
The mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.
Health Information Managment
Provide direct influence on how health information service providers deliver secure cloud solutions to their clients.
Health Information Managment
Provide direct influence on how health information service providers deliver secure cloud solutions to their clients.
Cloud Data Governance
Understanding the requirements and needs of stakeholders on governing and operating data in the Cloud, and prioritizing and answering the key problems and questions identified by Cloud stakeholders.
Cloud Data Governance
Understanding the requirements and needs of stakeholders on governing and operating data in the Cloud, and prioritizing and answering the key problems and questions identified by Cloud stakeholders.
Security as a Service
Research for gaining greater understanding for how to deliver security solutions via cloud models.
Security as a Service
Research for gaining greater understanding for how to deliver security solutions via cloud models.
Top Threats
Provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.
Top Threats
Provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.
Telecom Working Group
Provide direct influence on how to deliver secure cloud solutions and foster cloud awareness within all aspects of Telecommunications.
Telecom Working Group
Provide direct influence on how to deliver secure cloud solutions and foster cloud awareness within all aspects of Telecommunications.
Innovation Initiative
The CSA Innovation Initiative is a working group within the Cloud Security Alliance (CSA) created to foster secure innovation in information technology.
Innovation Initiative
The CSA Innovation Initiative is a working group within the Cloud Security Alliance (CSA) created to foster secure innovation in information technology.
Mobile Working Group
The CSA Mobile working group will be responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point.
Mobile Working Group
The CSA Mobile working group will be responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point.
Open Certification Framework
The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.
Open Certification Framework
The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.
Privacy Level Agreement
This working group will create PLA templates that can be a powerful self-regulatory harmonization tool.
Privacy Level Agreement
This working group will create PLA templates that can be a powerful self-regulatory harmonization tool.
Incident Management and Forensics
Best practices for incident management and forensics in cloud environments.
Incident Management and Forensics
Best practices for incident management and forensics in cloud environments.
Legal Information Center
The CSA Legal Information Center is an expert-led community resource for global legal issues impacting cloud computing.
Legal Information Center
The CSA Legal Information Center is an expert-led community resource for global legal issues impacting cloud computing.
Security, Trust
& Assurance Registry
STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.
Welcome New Members
The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. We would like to welcome our newest members:
Beisen- Brightline
- Unitas Global
- Five9
- Dropbox
Translate CSA
Get Involved
Learn how you can participate in Cloud Security Alliance's goals to promote the use of best practices for providing security assurance within Cloud Computing.
Cloud Security Readiness Tool
Take a short survey that assesses your current IT environment with regard to systems, processes, and productivity. The survey information creates a custom non-commercial report that provides recommendations on your IT state and helps you evaluate the benefits of cloud computing.
Get Started Now