Open Certification Working Group
Introduction to the Open Certification Working Group
The CSA Open Certification Working Group is an industry initiative to allow global, accredited, trusted certification of cloud providers.
The CSA Open Certification Working Group is a program for flexible, incremental and multi-layered cloud provider certification according to the Cloud Security Alliance’s industry leading security guidance and control objectives.
The program will integrate with popular third-party assessment and attestation statements developed within the public accounting community to avoid duplication of effort and cost.
The CSA Open Certification Working Group is based upon the control objectives and continuous monitoring structure as defined within the CSA GRC (Governance, Risk and Compliance) Stack research projects.
The CSA Open Certification Working Group will support several tiers, recognizing the varying assurance requirements and maturity levels of providers and consumers. These will range from the CSA Security, Trust and Assurance Registry (STAR) self-assessment to high-assurance specifications that are continuously monitored.
The CSA Open Certification Working Group provides:
- A path for any region to address compliance concerns with trusted, global best practices. For example, we expect governments to be heavy adopters of the CSA Open Certification Framework to layer their own unique requirements on top of the GRC Stack and provide agile certification of public sector cloud usage.
- An explicit guidance for providers on how to use GRC Stack tools for multiple certification efforts. For example, scoping documentation will articulate the means by which a provider may follow an ISO/IEC 27001 certification path that incorporates the CSA Cloud Controls Matrix (CCM).
- A “recognition scheme” that would allow us to support ISO, AICPA and potentially others that incorporate CSA IP inside of their certifications/framework. CSA supports certify-once, use-often, where possible.
CSA aims to harmonize and simplify provider certifications, not complicate them.
Open Certification Working Group News
May 15, 2013
Cloud Security Alliance Successfully Completes Open Certification Framework (OCF) Pilot Implementations with Alibaba and New Taipei City Government
Representatives to discuss cloud computing pilot results and key learnings at CSA Congress APAC.
February 08, 2013
Cloud Security Alliance and Electronic Government Agency (EGA) of Thailand Partner to Drive Cloud Computing Adoption in the Association of Southeast Asian Nations
CSA today announced that it has signed a formal partnership with the Electronic Government Agency (EGA) of Thailand.
August 20, 2012
The Cloud Security Alliance (CSA) today announces additional details of its Open Certification Framework, and its partnership with BSI (British Standards Institution).
May 09, 2012
SecureCloud 2012 in Frankfurt: Global Leaders Address Top Emerging Issues on Cloud Security and Privacy
How will changes in European data protection regulation affect cloud providers and users? How will forensics look like in the Cloud?
May 09, 2012
At the opening of the SecureCloud 2012 conference, CSA announced the CSA Open Certification Framework, an industry initiative to allow global, trusted certification of cloud providers.
Open Certification Working Group Videos
No videos currently available.
Open Certification Working Group Downloads
There are a number of control areas on the CCM that will each be awarded a management capability score on a scale of 1-15. This 2nd version release includes alignment with the CCM v1.4 and v3.X.
Release Date: May 16, 2014
The following guidelines will help you to apply good practice in publicizing, communicating and promoting your certification to stakeholders, including staff, customers and business partners, and to the general public.
Release Date: September 03, 2013
This document outlines how to conduct a STAR certification assessments to the Cloud Controls Matrix (CCM) as part of an ISO 27001 assessment.
Release Date: September 03, 2013
The CSA Open Certification Framework is a program for flexible, incremental and multi-layered cloud provider certification according to the Cloud Security Alliance’s industry leading security guidance and control objectives.
Release Date: August 17, 2012
Open Certification Working Group Co-chairs
Open Certification Working Group Advisors
Managing Director EMEA
Daniele Catteddu, is the Managing Director, EMEA, in Cloud Security Alliance, where he is responsible for the definition and execution of the company strategy in EU, Middle East and Africa. He also leads CSA participation in FP7 projects, coordinates European CSA Chapters research projects and manage the relations with European public institutions. In past worked at ENISA (European Network and Information Security Agency), as Expert, where he was responsible of projects in the areas of Resilience and Critical Information Infrastructure Protection (CIIP) and in particular he was supporting EU Member States in implementing the security obligations in the new European Framework Directive on Telecommunication. He has also worked within ENISA as a risk management expert, on various activities in the area of the Emerging and Future Risks, and in particular, having a leading role in developing EU cloud security research. Before joining ENISA, Daniele worked as an Information Security consultant in the banking and financial sector. Daniele is the author of the study: “Security and Resilience in Governmental Clouds” as well as co-author of the reports: “Cloud Computing: Benefits, risks and recommendations for information security” and “Cloud Computing: Information Assurance Framework”. He is member of various national and international security expert groups on cloud computing security and privacy, invited speaker at conferences and workshops (e.g. Digital Agenda Assembly, Word Economic Forum cloud workshop, OASIS Cloud Symposium, etc). Daniele graduated from the University of Parma (Italy) in Business Administration and Economics, and he is an ISACA Certified Information Security Manager and Certified Information Systems Auditor.