Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

CSA Official Press Release

Published 03/04/2019

Home
Press Releases
Cloud Security Alliance Launches STAR Continuous, a Compliance Assessment Program for Cloud Service Providers

Cloud Security Alliance Launches STAR Continuous, a Compliance Assessment Program for Cloud Service Providers

Chance to align security validation capabilities with cloud security compliance gives enterprises a competitive edge

SAN FRANCISCO – March 4, 2019 – RSA CONFERENCE 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced STAR Continuous Self Assessment, the first release of an evolving continuous-compliance assessment program for cloud services that gives cloud service providers (CSPs) the opportunity to align their security validation capabilities with cloud security compliance and certification on an ongoing basis.

CSA STAR Continuous is an integral part of the CSA STAR program, the industry’s leading cloud governance and compliance program that enables organizations to increase their levels of assurance and transparency for security and privacy. STAR consists of three levels of assurance (Self-Assessment, Third-Party Certification and Continuous Auditing), based upon the CSA Cloud Controls Matrix (CCM), the Consensus Assessments Initiative Questionnaire (CAIQ), and the CSA Code of Conduct for GDPR Compliance. Future releases will be Level 2 Extended Certification with Continuous Self-Assessment and Level 3 Continuous Certification.

“In attempting to reduce the complexity and costs of traditional IT, more organizations are evaluating cloud options first before making any new IT investments. However, many CIOs remain apprehensive about transferring services into the cloud—cyber security, ownership of data, and privacy are key concerns. Simultaneously, security controls, compliance, and the call for increased transparency are rapidly becoming baseline expectations of users – especially enterprise customers. STAR Continuous, which offers increased reliability of results, transparency and ease of use of the CSP’s assurance reports will give enterprises a competitive advantage in today’s environment,” said Daniele Catteddu, CTO, Cloud Security Alliance.

Among its benefits, STAR Continuous gives CSPs the opportunity to:

  • update a STAR Self-Assessment on a monthly basis (STAR Continuous Self-Assessment);
  • support a third-party based certification (e.g. STAR Certification) with additional and updated information on the CSP security posture (STAR Certification/Attestation + STAR Continuous Self- Assessment); and
  • establish a process to continuously audit a CSP security program or ISMS and offer proof of an ISMS that goes beyond the basic compliance certification model and for proof that there is a process in place that continually monitors critical aspects of the system (STAR Continuous Auditing).

In addition, it can help cloud service providers:

  • provide top management with greater visibility so they can evaluate the effectiveness of their management system in real-time in relation to expectations of internal, regulatory and the cloud security industry standards;
  • implement an audit that is designed to reflect how their organization’s objectives are aimed at optimizing the cloud services;
  • demonstrate progress and performance levels that go beyond the traditional “point in time” scenario; and
  • provide their customers with a greater understanding of the level of controls that are in place, along with their effectiveness.

CSA is committed to helping customers have a deeper understanding of their security postures and to that end developed the CSA STAR Program in 2011. Since that time, the organization has continued to invest heavily in its success. Among the milestones:

  • CSA STAR Attestation, which combines the CSA’s best practices with SOC 2 attestation reporting developed by the American Institute of CPAs (AICPA).
  • Governments and enterprises around the world referenced CSA STAR in 2014 as a requirement for their RFPs.
  • CSA, in conjunction with Chinese certification body CEPREI, developed a version of CSA STAR for the Chinese market based on the CSA CCM and Chinese national standard GB/T 22080.
  • Enhancements to the CSA STAR web page to provide site visitors with an improved user experience.
  • Hiring of John DiMaria, formerly of the British Standards Institution (BSI). DiMaria was a key innovator and co-author of the CSA STAR Certification for cloud providers, in addition to designing and developing the CSA STAR webinars. Prior to joining CSA, DiMaria was an active volunteer where he was co-chair of the Open Certification Framework (OCF) and Cloud Trust Protocol (CTP) Working Groups.

To learn more or get started, download STAR Continuous Technical Guidance.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

Contact
Kari Walker for the CSA
ZAG Communications
703.928.9996
[email protected]

Share this content on your favorite social network today!

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.