ChaptersEventsBlog
Get Free Early Access to TAISE Module 3! Sample the Certificate Experience Today!

Working Group

Security Guidance

The advancement toward secure cloud computing requires active participation from a broad set of globally-distributed stakeholders.
View Current Projects
Security Guidance for Critical Areas of Focus in Cloud Computing v5
Security Guidance for Critical Areas of Focus in Cloud Computing v5

Download

Working Group Overview
The advancement toward secure cloud computing requires active participation from a broad set of globally-distributed stakeholders. CSA brings together this diverse community of industry partnerships, international chapters, working groups, and individuals to create the Cloud Security Guidance.


Security Guidance v5 now available!
The Security Guidance v5 provides a comprehensive understanding of the essential security measures needed in today's cloud landscape. The v5 body of knowledge includes the latest in cloud architecture, cloud native security, workloads, virtual networking, data security, DevSecOps, Zero Trust, Generative AI, and much more. V5 also includes vital information about risk management, achieving compliance, optimizing organizational cloud security strategies, and understanding the shared responsibility model.

Working Group Leadership

Rich Mogull
Rich Mogull

Rich Mogull

Chief Analyst at CSA

With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremost experts on cloud security, having driven development of the Cloud Security Alliance’s v4 Guidance and the associated CCSK training curriculum. He is a prolific writer and featured speaker at the security industry’s largest events, including RSA and Black Hat. Rich was previously a Research Vice President a...

Read more

Publications in ReviewOpen Until
Cloud Threat Modeling 2025Sep 19, 2025
Key Management in Cloud Services 2025 Update Sep 26, 2025
Applying Zero Trust Principles with Network-Infrastructure Hiding Protocol - Stealth Mode Software Defined Perimeter for Network InfrastructureOct 16, 2025
Enabling Zero Trust for Cellular Networks - Guidance for Securing Mobile NetworksOct 16, 2025
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

Cloud Threat Modeling 2025

Open Until: 09/19/2025

The purpose of this document is to enable and encourage effective threat modeling for cloud applications, services, and sec...

Key Management in Cloud Services 2025 Update

Open Until: 09/26/2025

This document is an updated edition of the original “Key Management in Cloud Services” paper, first published in 2020. ...

Applying Zero Trust Principles with Network-Infrastructure Hiding Protocol - Stealth Mode Software Defined Perimeter for Network Infrastructure

Open Until: 10/16/2025

Our core TCP/IP networking systems and protocols have been with us since the 1970s, and have in many ways served us well. T...

Enabling Zero Trust for Cellular Networks - Guidance for Securing Mobile Networks

Open Until: 10/16/2025

The rapid evolution of cellular network technologies, particularly the rollout of 5G, Open Radio Access Network (ORAN), and...