CSA Official Press Release
Cloud Security Alliance Announces Key Initiative in Development of Cloud Security Standards in Partnership with ISO/IEC
CSA Establishes Category C Liaison Relationship with ISO/IEC JTC 1/SC 27London, ENGLAND – #CSASummit at #InfosecUK– April 20, 2011 – At the CSA Summit at Infosecurity Europe, the Cloud Security Alliance (CSA) announced that it will have a key role in the development of cloud security and privacy standards under ISO/IEC (International Organization for Standardization/International Electrotechnical Commission). The CSA has established a Category C liaison relationship with ISO/IEC’s Joint Technical Committee 1/Sub Committee 27 (JTC 1/SC 27), with Mr. Aloysius Cheang, CSA’s Asia Pacific Strategy Advisor and co-editor of ISO/IEC 27032 “Guidelines for Cybersecurity” International Standard appointed as the Liaison Officer between the CSA and ISO/IEC JTC 1/SC 27. Category C liaisons are organizations which make an effective technical contribution and participate actively in the working groups (WG) under SC 27. Dr. Walter Fumy, SC 27 Chairman, said, "The security and privacy of cloud computing services are an ever-growing concern to users and consumers of these services. ISO/IEC JTC 1/SC 27 is now embarking on the development of a series of standards that will address the security and privacy issues of cloud computing services. This development is being carried out in collaboration with various standardization partners including ITU-T and ISO/IEC JTC 1/SC 38 together with CSA. This new cooperation with the CSA adds significant value to this work of ISO/IEC JTC 1/SC 27 as it facilitates an important communication channel for the promotion of cloud computing security standards amongst the information security community." The Cloud Security Alliance will initially collaborate on two projects with the SC 27:
- A new work item proposal for cloud security, reinforcing previous work done on the Code of Practice for Information Security Management (ISMS) found in the ISO/IEC 27002 International Standard. The aim is to provide guidelines on information security controls for the use of cloud computing services based on ISMS security controls. This new work item on cloud security will be co-edited by Dr. Marlin Pohlman, CSA’s Global Strategy Director, Co-Chair Cloud Controls Matrix, Consensus Assessment and Cloud Audit for the CSA, and Chief Governance Officer of EMC.
- Information security for supplier relationships part 1. This is a new part under the multi-part standard, ISO/IEC 27036, and it will be co-edited by Ms. Becky Swain, Co-Founder and Co-Chair, CSA Cloud Controls Matrix, CSA Silicon Valley Chapter Board Member.
- Security requirements capture methodology;
- Management of information and ICT security; in particular information security management systems (ISMS), security processes, security controls and services;
- Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
- Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
- Security aspects of identity management, biometrics and privacy;
- Conformance assessment, accreditation and auditing requirements in the area of information security;
- Security evaluation criteria and methodology.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.