CSA Enterprise Architecture Reference Guide
Release Date: 05/18/2021
Working Group: Enterprise Architecture
To create the CSA Enterprise Architecture, the EA Working Group leveraged four industry standard architecture models: TOGAF, ITIL, SABSA, and Jericho, therefore combining the best of breed architecture paradigms into a comprehensive approach to cloud security. By merging business drivers with security infrastructure, the EA increases the value proposition of cloud services within an enterprise business model. The CSA Enterprise Architecture was adopted by the National Institute of Standards and Technologies in NIST SP 500-299 and NIST SP 500-292.
This guide is your deep dive into each EA domain. For quick reference and a visual representation of these domains, refer to the Enterprise Architecture Reference Diagram.
To learn how the EA maps to CSA’s standard controls set, refer to the Enterprise Architecture v2 to CCM v3.01 Mapping.
- What the CSA Enterprise Architecture is.
- How to use the CSA Enterprise Architecture.
- The full explanation of each EA domain, the specifics of each of their components, how to apply them to your organization, and their relationships to the other domains.
- The EA domains are:
- Business Operation Support Services (BOSS)
- Information Technology Operation and Support (ITOS)
- Technology Solution Services (TSS)
- Security and Risk Management (SRM)
- Cybersecurity architects
- Cloud engineers
- Cloud security professionals
- Compliance professionals
CSA is a community driven organization. We would like to send you updates about our ongoing initiatives and opportunities to participate.
Provide feedback on this form