Artifacts

Cloud Key Management Charter

Description: The Cloud Key Management Working Group will facilitate the standards for seamless integration between CSPs and Key Broker vendor platforms. It will ensure that enterprise key policies are standardized and implemented in a consistent manner, and that standardization will take place across key management lifecycle operations and a common set of APIs.
Ten Most Critical Risks for Serverless Applications

The “Ten Most Critical Risks for Serverless Applications v1.0” document is meant to serve as a security awareness and education guide. The document is curated and maintained by top industry practitioners and security researchers with vast experience in application security, cloud and serverless architectures.
Guidance v4 Info Sheet

Description: This version, the first major update since 2011, is the culmination of over a year of dedicated research and public participation from the CSA community, working groups, and the public at large. The Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing acts as a practical, actionable roadmap for individuals and organizations looking to safely and securely adopt the cloud paradigm.
Guideline on Effectively Managing Security Service in the Cloud

This initiative aims to develop a research whitepaper focused on building a cloud security services management platform. The whitepaper will serve as a guideline for cloud service providers to secure their cloud platforms and provide cloud security services to cloud users, for cloud users to select security-qualified cloud service providers, and for security vendors to develop their cloud-based security products and services.
SecaaS Working Group Charter

Description: In order to improve understanding, perception, and thus reputation, Security as a Service requires a clear definition and direction to ensure it is understood and to improve the adoption across industry sectors. This will ensure the market has a clear understanding of what SecaaS is, what it means, the services encompassed and how they can be implemented.
SDP Architecture Guide v2

Network security architectures, tools, and platforms are falling far short of meeting the challenges presented by today’s threat landscape. Whether you’re reading the headlines in mainstream media, working day-to-day as a network defender, or are a security vendor, it’s clear that our commercial enterprises, governmental organizations, and critical infrastructures are unable to successfully contend with the ongoing and persistent attacks from a wide variety of attackers.
CCSK v4 Exam Preparation Kit

Release Date: 08/30/2017

CCSK v3 Exam Preparation Kit

Release Date: 08/30/2017

CSA Official Press Kit

Release Date: 03/30/2017

Using BlockChain Technology to Secure the Internet of Things - Japanese Translation

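This document, 「IoT セキュリティのためのブロックチェーン技術の活用」 ("Utilizing Blockchain Technology for IoT Security"), is the Japanese translation of "Using Blockchain Technology to Secure the Internet of Things", published by the Cloud Security Alliance (CSA). It was translated and published by CSA Japan with CSA's permission. Where the original and the Japanese version differ, the original takes precedence.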

Release Date: 10/03/2018

IoT Firmware Update Processes

Description: The traditional approach to updating software for IT assets involves analysis, staging and distribution of the update—a process that usually occurs during off-hours for the business. These updates typically have cryptographic controls (digital signatures) applied to safeguard the integrity and authenticity of the software.

Release Date: 09/20/2018

Code of Conduct for GDPR Compliance - Japanese Translation

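Description: This document, 「GDPR 準拠の為の行動規範」 ("Code of Conduct for GDPR Compliance"), is the Japanese translation of "CODE OF CONDUCT FOR GDPR COMPLIANCE", published by the Cloud Security Alliance (CSA), with commentary added by the Japan Cloud Security Alliance (CSA Japan), a general incorporated association. It was translated and published by CSA Japan with CSA's permission. Where the original and the Japanese version differ, the original takes precedence.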

Release Date: 09/14/2018

CCM C5 Mapping

This document aims to help organizations assess and bridge compliance gaps between the cloud security frameworks of BSI and the Cloud Security Alliance (CSA). The document contains mappings, gap analysis and gap compensation between the Cloud Controls Matrix (CCM) and the C5 compliance controls catalogue. The CSA and the CCM working group hope that organizations will find this document useful for their cloud security compliance programs.
CSA Malaysia FSI Report

Description: The “Cloud Adoption in the Malaysian Financial Services Industry (FSI) sector” survey was undertaken by CSA to understand and evaluate cloud adoption trends and concerns in the FSI in that country.

Release Date: 08/20/2018

Top Threats to Cloud Computing: Deep Dive

Description: This case study attempts to connect all the dots when it comes to security analysis by using nine anecdotes cited in the Top Threats for its foundation. Each of the nine examples is presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart’s format provides an attack-style synopsis of the actor, spanning from threats and vulnerabilities to end controls and mitigations. We encourage architects and engineers to use this information as a starting point for their own analysis and comparisons.

Release Date: 08/08/2018

OWASP Secure Medical Devices Deployment Standard

Description: With the explosion of botnets and other malware that now target IoT devices (of which medical devices can be considered a subtype), the need for security-minded deployments of medical devices is now more essential than ever. This guide is intended to serve as a comprehensive guide to the secure deployment of medical devices within a healthcare facility.

Release Date: 08/07/2018

Security Position Paper Network Function Virtualization - Chinese Translation

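Over the past five years, as the capability and complexity of cloud infrastructure have evolved rapidly, security risks have risen accordingly. Although virtualization is no longer a very new concept, the idea that almost anyone can virtualize resources such as compute, storage, networks and applications increases the impact and speed of security threats. At the same time, the global geopolitical landscape has shifted from opportunity-driven cyber attacks to well-funded nation-state operations.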

Release Date: 08/03/2018

Using BlockChain Technology to Secure the Internet of Things - Chinese Translation

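Over the past four years, technologists, chief digital officers, marketing managers, journalists, bloggers and research institutions have discussed and promoted a new distributed model that applies blockchain technology to secure transaction processing and storage. International Data Corporation (IDC) FutureScape predicts that by 2020, 20% of global trade finance will incorporate blockchain.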

Release Date: 08/03/2018

Security Guidance v4.0 - Chinese Translation

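Welcome to the fourth version of the Cloud Security Alliance's Security Guidance for Critical Areas of Focus in Cloud Computing. The rise of cloud computing is an ever-evolving technology that brings many opportunities and challenges. With this document, we aim to provide guidance and inspiration to support business goals while managing and mitigating the risks associated with adopting cloud computing technology.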

Release Date: 08/03/2018

GEAB State of the Cloud 2018 - Chinese Translation

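The Cloud Security Alliance Global Enterprise Advisory Board, established in 2016, is a representative team made up of more than ten leading experts from large multinational companies across industry. The board was established to express the views of large IT end users and to bring together the information-security perspectives of cloud computing users.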

Release Date: 08/03/2018