Open Certification Working Group
Introduction to the Open Certification Working Group
The CSA Open Certification Working Group is an industry initiative to allow global, accredited, trusted certification of cloud providers.
The CSA Open Certification Working Group is a program for flexible, incremental and multi-layered cloud provider certification according to the Cloud Security Alliance’s industry leading security guidance and control objectives.
The program will integrate with popular third-party assessment and attestation statements developed within the public accounting community to avoid duplication of effort and cost.
The CSA Open Certification Working Group is based upon the control objectives and continuous monitoring structure as defined within the CSA GRC (Governance, Risk and Compliance) Stack research projects.
The CSA Open Certification Working Group will support several tiers, recognizing the varying assurance requirements and maturity levels of providers and consumers. These will range from the CSA Security, Trust and Assurance Registry (STAR) self-assessment to high-assurance specifications that are continuously monitored.
The CSA Open Certification Working Group provides:
- A path for any region to address compliance concerns with trusted, global best practices. For example, we expect governments to be heavy adopters of the CSA Open Certification Framework to layer their own unique requirements on top of the GRC Stack and provide agile certification of public sector cloud usage.
- Explicit guidance for providers on how to use GRC Stack tools for multiple certification efforts. For example, scoping documentation will articulate the means by which a provider may follow an ISO/IEC 27001 certification path that incorporates the CSA Cloud Controls Matrix (CCM).
- A “recognition scheme” that would allow us to support ISO, AICPA and potentially others that incorporate CSA IP inside of their certifications/framework. CSA supports certify-once, use-often, where possible.
CSA aims to harmonize and simplify provider certifications, not complicate them.
Open Certification Working Group Leadership
Open Certification Co-chairs
John DiMaria is a management system professional, Six Sigma Black Belt, certified Holistic Information Security Practitioner (HISP), Master HISP and AMBCI with 28 years of experience in Management System Development, including Information Systems, Quality Assurance, International Quality Standards, Statistical Process Control, Regulatory Affairs, Customer Service, Subcontractor Analysis and Marketing/Sales. John is responsible for overseeing product roll-out and client/sales education. He is the product expertise spokesperson for BSI Group Americas regarding all product standards covering Risk, Quality and Regulatory Compliance.
John serves on many committees that influence legislation and drive international harmonization, including serving as co-chair of the CSA OCF Working Group, and was the project manager during the development and rollout of STAR Certification.
John has been featured in and contributed to many publications concerning various topics regarding information security and business continuity.
Open Certification Advisors
Chief Technology Officer, CSA
Daniele Catteddu is an information security and risk management practitioner, technologies expert and privacy evangelist with over 15 years of experience. He has worked in several senior roles in both the private and public sectors. He is a member of various national and international security expert groups and committees on cyber-security and privacy, a keynote speaker at several conferences and the author of numerous studies and papers on risk management, cyber security and privacy.
Currently he is the Chief Technology Officer at Cloud Security Alliance, where he is responsible for driving, on a global scale, the adoption of the technology strategy roadmap within key CSA lines of business: Research, Membership Services, Standards, Education and Products. He identifies technology trends, global policies and evolving social behavior and their impact on information security and on CSA’s activities.
Daniele leads the product management for CSA and chairs the Futures Advisory Committee.
Mr Catteddu is the co-founder and executive of the CSA Open Certification Framework / STAR Program. He also leads the definition and implementation of the CSA research agenda in Europe, manages relations with European public institutions and is a member of the CSA International Standardization Council.
He has recently been appointed as a Member of the Policy and Scientific Committee of the European Privacy Association.
In the past he worked at CSA as Managing Director for the EMEA Region and at ENISA (European Network and Information Security Agency) as an Expert in the areas of Critical Information Infrastructure Protection (CIIP) and Emerging and Future Risks Management, in particular having a leading role in developing EU cloud security research. Before joining ENISA, Daniele worked as an Information Security consultant in the banking and financial sector. Daniele graduated from the University of Parma (Italy) in Business Administration and Economics, and he is an ISACA Certified Information Security Manager.
Open Certification Working Group Initiatives
Please contact Open Certification Working Group Leadership for more information.
Open Certification Working Group News
September 15, 2015
As with their counterparts in North America, organizations across Europe are eagerly embracing cloud computing into their operating environment. However, despite the overall enthusiasm around the potential of cloud computing to transform their business practices, many CIOs have real concerns about migrating their sensitive data and applications to public cloud environments. Why? In essence, it…
May 15, 2013
Cloud Security Alliance Successfully Completes Open Certification Framework (OCF) Pilot Implementations with Alibaba and New Taipei City Government
Representatives to discuss cloud computing pilot results and key learnings at CSA Congress APAC.
February 08, 2013
Cloud Security Alliance and Electronic Government Agency (EGA) of Thailand Partner to Drive Cloud Computing Adoption in the Association of Southeast Asian Nations
CSA today announced that it has signed a formal partnership with the Electronic Government Agency (EGA) of Thailand.
August 20, 2012
The Cloud Security Alliance (CSA) today announces additional details of its Open Certification Framework, and its partnership with BSI (British Standards Institution).
May 09, 2012
SecureCloud 2012 in Frankfurt: Global Leaders Address Top Emerging Issues on Cloud Security and Privacy
How will changes in European data protection regulation affect cloud providers and users? What will forensics look like in the Cloud?
May 09, 2012
At the opening of the SecureCloud 2012 conference, CSA announced the CSA Open Certification Framework, an industry initiative to allow global, trusted certification of cloud providers.
Open Certification Working Group Downloads
The Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) program is the industry’s leading trust mark for cloud security. The CSA Open Certification Framework (OCF) is a program for flexible, incremental and multi-layered CSP certifications according to the CSA’s industry leading security guidance. The OCF/STAR program comprises a global cloud computing assurance framework…
Release Date: April 12, 2016
There are a number of control areas on the CCM that will each be awarded a management capability score on a scale of 1-15. This 2nd version release includes alignment with the CCM v1.4 and v3.X.
Release Date: May 16, 2014
The following guidelines will help you to apply good practice in publicizing, communicating and promoting your certification to stakeholders, including staff, customers and business partners, and to the general public.
Release Date: September 03, 2013
This document outlines how to conduct a STAR certification assessment to the Cloud Controls Matrix (CCM) as part of an ISO 27001 assessment.
Release Date: September 03, 2013
The CSA Open Certification Framework is a program for flexible, incremental and multi-layered cloud provider certification according to the Cloud Security Alliance’s industry leading security guidance and control objectives.
Release Date: August 17, 2012