Cloud 101CircleEventsBlog
Register for CSA's free and virtual Global AI Symposium, October 22-24, for cutting-edge insights on AI and cloud security. 

Download Publication

Enterprise Authority To Operate (EATO) Controls Framework
Enterprise Authority To Operate (EATO) Controls Framework

Enterprise Authority To Operate (EATO) Controls Framework

Release Date: 07/02/2024

Many small and mid-sized cloud-based Anything-as-a-Service (XaaS) vendors struggle to implement robust information security controls. These security gaps particularly discourage corporate customers that operate in highly regulated industries. Customers in these industries must individually assess XaaS cloud services using heavy-weight cloud control assessments, incurring a significant cost and resulting in complex remediation requirements for the vendor.

With hopes to solve this problem, CSA has created the Enterprise Authority to Operate (EATO) Controls Framework. Created by the EATO Working Group, this framework helps identify and remediate risks in cloud-based XaaS services. Use of the framework allows large corporate clients to more easily accept small and mid-sized vendors.

The framework contains 163 controls based on CSA’s Cloud Controls Matrix (CCM) v4. Information security, BCDR, data retention, archiving, vendor risk, and privacy controls are all included. Compared to CCM, the EATO Controls Framework contains more detailed and additional core controls. These controls apply stricter requirements that cater to the needs of highly regulated corporate customers. To compensate for the additional controls, the framework also shortens and drops certain peripheral controls that are included in CCM.

Key Benefits of the EATO Controls Framework:
  • Provides a globally trusted, cost effective, and independent assessment service for small and mid-sized cloud-based XaaS providers.
  • Provides a trusted and independently certified security remediation consultancy service that enables XaaS providers to implement security by design.
  • Focuses remediation efforts against one central set of findings instead of many disparate and conflicting requirements.
  • Enhances trust by only issuing certificates after effective remediation of the audit findings.
  • Reduces efforts for corporate customers, eliminating the need for many individual assessments.

Download this Resource

Prefer to access this resource without an account?
Download the publication. Download the presentation.

Bookmark
Share
Related resources
Zero Trust Guiding Principles v1.1
Zero Trust Guiding Principles v1.1
Strengthening Research Integrity with High-Performance Computing (HPC) Security
Strengthening Research Integrity with High-Perf...
Top Threats to Cloud Computing 2024
Top Threats to Cloud Computing 2024
Discover Cloud Security Services That are Enabled with CSA STAR
Discover Cloud Security Services That are Enabled with CSA STAR
Published: 09/06/2024
Can You Have Bulletproof Security Without Network Lag? Unveiling the Secret
Can You Have Bulletproof Security Without Network Lag? Unveiling th...
Published: 09/03/2024
How to De-Risk Patching Third Party Software Packages
How to De-Risk Patching Third Party Software Packages
Published: 08/28/2024
PAM and Cloud Security: The Case for Zero Standing Privileges
PAM and Cloud Security: The Case for Zero Standing Privileges
Published: 08/22/2024
Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training