Cloud 101CircleEventsBlog

Download Publication

CSA Enterprise Architecture Reference Guide - Chinese Translation
CSA Enterprise Architecture Reference Guide - Chinese Translation
Who it's for:
  • Cybersecurity architects
  • Cloud engineers
  • Cloud security professionals
  • Compliance professionals

CSA Enterprise Architecture Reference Guide - Chinese Translation

Release Date: 02/07/2022

This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translated content falls outside of the CSA Research Lifecycle. For any questions and feedback, contact [email protected].

The CSA Enterprise Architecture (EA) is both a methodology and a set of tools. It is a framework, a comprehensive approach for the architecture of a secure cloud infrastructure, and can be used to assess opportunities for improvement, create roadmaps for technology adoption, identify reusable security patterns, and assess various cloud providers and security technology vendors against a common set of capabilities.

To create the CSA Enterprise Architecture, the EA Working Group leveraged four industry standard architecture models: TOGAF, ITIL, SABSA, and Jericho, therefore combining the best of breed architecture paradigms into a comprehensive approach to cloud security. By merging business drivers with security infrastructure, the EA increases the value proposition of cloud services within an enterprise business model. The CSA Enterprise Architecture was adopted by the National Institute of Standards and Technologies in NIST SP 500-299 and NIST SP 500-292.

This guide is your deep dive into each EA domain. For quick reference and a visual representation of these domains, refer to the Enterprise Architecture Reference Diagram.

To learn how the EA maps to CSA’s standard controls set, refer to the Enterprise Architecture v2 to CCM v3.01 Mapping

Key Takeaways:
  • What the CSA Enterprise Architecture is.
  • How to use the CSA Enterprise Architecture.
  • The full explanation of each EA domain, the specifics of each of their components, how to apply them to your organization, and their relationships to the other domains. 
  • The EA domains are:
    • Business Operation Support Services (BOSS)
    • Information Technology Operation and Support (ITOS)
    • Technology Solution Services (TSS)
    • Security and Risk Management (SRM)
Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
View translations
Related resources
Defining the Zero Trust Protect Surface
Defining the Zero Trust Protect Surface
The Six Pillars of DevSecOps - Collaboration and Integration
The Six Pillars of DevSecOps - Collaboration an...
The State of Security Remediation 2024
The State of Security Remediation 2024
For Game-Changing Cloud Workload Protection, Focus on Quality Over Quantity
For Game-Changing Cloud Workload Protection, Focus on Quality Over ...
Published: 03/27/2024
Architecture Drift: What It Is and How It Leads to Breaches
Architecture Drift: What It Is and How It Leads to Breaches
Published: 03/22/2024
Email Security Best Practices for 2024 (and Beyond)
Email Security Best Practices for 2024 (and Beyond)
Published: 03/19/2024
How Pentesting Fits into AI’s ‘Secure By Design’ Inflection Point
How Pentesting Fits into AI’s ‘Secure By Design’ Inflection Point
Published: 03/18/2024
Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training