Cloud Security Alliance Launches STAR for AI, Establishing the Global Framework for Responsible and Auditable Artificial Intelligence

Seattle, WA — October 23, 2025 — The Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, today announced the official launch of STAR for AI, introducing the first global framework for AI assurance across both Level 1 and Level 2 tiers.

This milestone builds upon CSA’s AI Controls Matrix (AICM) and its newly released mapping to ISO/IEC 42001:2023, creating a cohesive, standards-aligned pathway for organizations to demonstrate responsible AI governance and verifiable trust.

Two Foundational Components for AI Assurance

STAR for AI Level 1 — AI CAIQ Self-Assessment
Organizations can now publish their AI CAIQ v1.0.2 self-assessments to the CSA STAR Registry to earn the STAR for AI Level 1 designation. This entry-level assurance tier establishes transparent, standardized disclosures aligned with the AICM and provides a verifiable foundation for responsible AI governance.

STAR for AI Level 2 — ISO/IEC 42001 Assurance
Launching in November 2025, STAR for AI 42001 extends the proven STAR framework into the domain of AI management systems, combining the rigor of ISO/IEC 42001 certification with CSA’s transparency and automation capabilities. Organizations certified to ISO 42001 can now upload their certificates to the STAR Registry—paving the way for full STAR for AI 42001 recognition when paired with a Valid-AI-ted scored self-assessment.

Early leaders Anthropic, Sierra, and Zendesk have already posted their ISO 42001 certificates in the STAR Registry, underscoring industry momentum behind this new framework.

Zendesk Achieves a Milestone Toward STAR for AI Level 2

CSA is pleased to recognize Zendesk as the first organization worldwide to submit both of the precursor components to STAR for AI Level 2: an ISO/IEC 42001 certificate and an AI CAIQ self-assessment.

While the full STAR for AI 42001 designation will be available following the Valid-AI-ted scoring engine release on November 20, Zendesk’s participation demonstrates early leadership and commitment to transparent, responsible AI governance.

“We’re honored to be recognized as the first organization worldwide to achieve all initial requirements for CSA STAR for AI and are grateful to the Cloud Security Alliance for this recognition. Our focus has always been on earning customer trust, and this milestone reflects our shared commitment to advancing responsible AI practices that strengthen trust across the industry.”

— Vinay Patel, Chief Trust & Security Officer, Zendesk

Supporting Frameworks: AICM Implementation and Auditing Guidelines

To operationalize the AICM and ensure consistent assurance practices, CSA has released two complementary frameworks:

• AICM Implementation Guidelines – Role-based guidance for applying AI security, governance, and assurance controls across Model Providers, Application Providers, Orchestrated Service Providers, and AI Customers.
• AICM Auditing Guidelines – A structured methodology for evaluating the completeness and effectiveness of AICM controls throughout the AI lifecycle.

Together, these frameworks enable organizations to build safer, auditable, and compliant AI systems—aligning governance, implementation, and validation under one consistent model.

A Turning Point for Global AI Trust

“With STAR for AI, we’re turning the principles of responsible AI into measurable, auditable practice,” said Jim Reavis, Co-founder and Chief Executive Officer of the Cloud Security Alliance. “Level 1 establishes transparency through self-assessment, while Level 2 integrates ISO 42001 into our trusted STAR framework for independent validation. By combining international standards with CSA’s commitment to openness and innovation, we’re building a future where AI is not only secure and compliant—but also trusted, explainable, and resilient.”

A Roadmap for Responsible AI Assurance

The STAR for AI launch completes the first phase of CSA’s AI trust roadmap introduced in August 2025, which unveiled the AICM ↔ ISO/IEC 42001 mapping and set the stage for the STAR for AI 42001 on-ramp. Together, these milestones provide a practical, standards-aligned pathway for organizations to demonstrate AI responsibility today while preparing for the assurance frameworks of tomorrow.

Organizations can begin their AI assurance journey today by visiting the CSA STAR Registry to publish AI CAIQ self-assessments or upload ISO 42001 certificates.

About the Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading not-for-profit organization committed to awareness, practical implementation, and credentialing of forward-looking cybersecurity topics, including AI, cloud, and Zero Trust. In an era where digital transformation drives business success, CSA stands as the global authority ensuring organizations can operate securely while harnessing cutting-edge technology. Through volunteer-driven research, globally-accepted standards, and award-winning vendor-neutral education programs that unite technical experts, industry practitioners, and varied associations, governments, chapters, and corporate members, CSA bridges the gap between innovation and pragmatic security execution. Visit CSA’s website to learn more.

Media Contact
Kristina Rundquist
ZAG Communications for the CSA
[email protected]