Download Publication
Enterprise Authority To Operate (EATO) Controls Framework
Release Date: 07/02/2024
Working Group: Enterprise Authority to Operate (EATO)
Many small and mid-sized cloud-based Anything-as-a-Service (XaaS) vendors struggle to implement robust information security controls. These security gaps particularly discourage corporate customers that operate in highly regulated industries. Customers in these industries must individually assess XaaS cloud services using heavy-weight cloud control assessments, incurring a significant cost and resulting in complex remediation requirements for the vendor.
With hopes to solve this problem, CSA has created the Enterprise Authority to Operate (EATO) Controls Framework. Created by the EATO Working Group, this framework helps identify and remediate risks in cloud-based XaaS services. Use of the framework allows large corporate clients to more easily accept small and mid-sized vendors.
The framework contains 163 controls based on CSA’s Cloud Controls Matrix (CCM) v4. Information security, BCDR, data retention, archiving, vendor risk, and privacy controls are all included. Compared to CCM, the EATO Controls Framework contains more detailed and additional core controls. These controls apply stricter requirements that cater to the needs of highly regulated corporate customers. To compensate for the additional controls, the framework also shortens and drops certain peripheral controls that are included in CCM.
Key Benefits of the EATO Controls Framework:
- Provides a globally trusted, cost effective, and independent assessment service for small and mid-sized cloud-based XaaS providers.
- Provides a trusted and independently certified security remediation consultancy service that enables XaaS providers to implement security by design.
- Focuses remediation efforts against one central set of findings instead of many disparate and conflicting requirements.
- Enhances trust by only issuing certificates after effective remediation of the audit findings.
- Reduces efforts for corporate customers, eliminating the need for many individual assessments.
Download this Resource
Prefer to access this resource without
an account?
Download the publication. Download the presentation.
Are you a research volunteer? Request to have your profile displayed on the website here.