Circle
Events
Blog

CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.
Research

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Latest Research

CSA CCM v4.0 Addendum - ISMAP

CSA CCM v4.0 Addendum - ISMAP

Release Date: 10/04/2022

This document is an addendum to the CCM V4.0 that contain controls mapping between the CSA CCM and Japan's Information System Security Management and Assessment Program (ISMAP).

The document aims to help ISMAP compliant organizations meet CCM requirements. This is achieved by identifying...
Recommendations for using a Customer Controlled Key Store

Recommendations for using a Customer Controlled Key Store

Release Date: 09/26/2022

In the latest from the Cloud Key Management working group, this document provides guidance on how to assess and implement cloud key management services concerning an organization’s needs for key management - it is the responsibility of the customer to then use encryption keys (or other...
Healthcare Interoperability

Healthcare Interoperability

Release Date: 09/26/2022

When Health Information Technology systems seamlessly exchange data with each other, it is referred to as interoperability. Interoperability occurs when information is transferred using a standardized format where the receiving Electronic Health Record finds the data readable and acceptable. The...