Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Online Training Platform
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Micro-Trainings
Advanced Cloud Security Practitioner (ACSP) Training
Get Involved
Become an Instructor
Become a Training Partner
Train my entire team
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Cloud 101
Circle
Events
Blog
Sign In

Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Home
Industry Insights
What the FedRAMP Authorization Act Means for Organizations
Published: 03/10/2023

Originally published by A-LIGN. Written by Tony Bai, Federal Practice Lead, A-LIGN. Since its creation in 2011, the Federal Risk and Authorization Management Program (FedRAMP) has provided a standardized government-wide approach to assessing the security of cloud computing services. However, due ...

What is the Timeline for the FedRAMP Process?
Published: 02/15/2023

Originally published by Schellman. Written by Andy Rogers, Schellman. Ever watched Jeopardy? Even if you haven’t, you’re likely familiar with the iconic theme music that plays every time contestants deliberate over their answers—it’s such an iconic tune that it’s become synonymous with waiting fo...

FedRAMP Certification: An Overview of Why It Matters
Published: 01/31/2023

Originally published by Titaniam. Cybersecurity is now in the spotlight as data breaches become a near-daily story. Organizations are consuming massive amounts of personal data that is directly tied to everyday people, and they’re often utilizing cloud-based services to help store them. This can ...

Everything You Need to Know About HITRUST Certification
Published: 01/13/2023

Originally published by A-LIGN. Written by Blaise Wabo, A-LIGN. HITRUST is a standards organization focused on security, privacy and risk management. The organization developed the HITRUST CSF to provide healthcare organizations with a comprehensive security and privacy program. This program was ...

3 Aspects of the FedRAMP Assessment Process: What Do You Need to Provide?
Published: 01/12/2023

Originally published by Schellman. Written by Andy Rogers, Schellman. Ever watched a personal trainer conduct a workout on social media? Throwing up weights like they’re nothing or repping for what seems like hours before a water break—they make it look so easy. So much so that many people watchi...

Advancing Trust in a Digital World
Published: 12/06/2022

Originally published by Thales. Written by Welland Chu, Business Development Director, Asia Pac, Thales. The pandemic has accelerated digital transformation beyond anyone’s imagination. Considering the increased cybersecurity risks introduced by digital technologies, what should society do to pre...

4 Important Compliance Management Tasks for Startups
Published: 11/28/2022

Originally published by A-LIGN. The ongoing increase in cyberattacks has emphasized the importance of cybersecurity and compliance management, especially for startups still gaining market share. As startups work to win new customers, they may have to overcome a prospect’s fears that as an organiz...

What is FedRAMP? Complete Guide to FedRAMP Authorization and Certification
Published: 11/07/2022

Originally published by A-LIGN. Written by Tony Bai, Federal Practice Lead, A-LIGN. With the rise in cybersecurity attacks comes wariness from customers — no one wants to work with an organization that has an increased risk of falling victim to an attack. And when it comes to the Federal governme...

FedRAMP vs. ISO 27001
Published: 10/28/2022

Originally published by Schellman here. Ever seen those jugglers that manage to balance multiple spinning plates at the same time? As impressive as it is, you figure you’d be happy to spin just the one plate successfully. For cloud service providers (CSPs), you have lots of different proverbial...

Your Guide to FedRAMP Pen Test Guidance 3.0
Published: 09/16/2022

Originally published by Schellman here. Written by Josh Tomkiel, Schellman. For the first time since 2017, the FedRAMP Project Management Office (PMO) has updated the Penetration Testing Guidance document. For Cloud Service Providers (CSPs) seeking FedRAMP Authority to Operate (ATO), that’s ...

When to Engage a FedRAMP Consultant vs. When to Engage a 3PAO
Published: 08/01/2022

Originally published by Schellman here. Written by Andy Rogers, Schellman. “I have a very particular set of skills. Skills I have acquired over a very long career. Skills that make me a very well-equipped advisor/assessor for your FedRAMP boundary.” If you’ve seen the film Taken, you’ll know that...

Is Your CSP Capitalizing on the Rise in Federal Cloud Spending?
Published: 07/12/2022

This blog was originally published by A-LIGN here. Written by Tony Bai, Federal Practice Lead, A-LIGN. With federal cloud spending at an all-time high, the government sector has become a lucrative market for technology companies. Analysis from Deltek indicates that federal agencies spent nearly $...

CCM v3.0.1. Update for AICPA, NIST and FedRAMP Mappings
Published: 08/02/2019

Victor Chin and Lefteris Skoutaris, Research Analysts, CSA The CSA Cloud Controls Matrix (CCM) Working Group is glad to announce the new update to the CCM v3.0.1. This minor update will incorporate the following mappings:Association of International Certified Professional Accountants (AICPA) Trus...

FedSTAR Pilot Program Status
Published: 07/24/2019

As the use of cloud technology has become more widespread, the concern about cloud security has increased. Government agencies and private sector users are concerned with protecting data and ensuring service availability. Many countries and private entities have designed and implemented security...

FedRAMP and PCI – A Comparison of Scanning and Penetration Testing Requirements
Published: 07/13/2015

By Matt Wilgus, Director of Security Assessment Services, BrightLineIn the last 30 days, the FedRAMP Program Management Office (PMO) has published guidance for both vulnerability scanning and penetration testing. The updated guidance comes on the heels of PCI mandating the enhanced penetration te...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.