Research Arrow to Content

Initiative Description Downloads
Big Data Logo

Visit the initiative page

Big Data Working Group
Big Data is a working group within the Cloud Security Alliance (CSA) created to identify best practices for security and privacy in big data.

Comment on Big Data and the Future of Privacy
-Released April 09, 2014

Top Ten Challenges in Cryptography for Big Data
-Released March 18, 2014

Big Data Analytics for Security Intelligence
-Released September 24, 2013

Expanded Top Ten Big Data Security and Privacy Challenges
-Released June 16, 2013

Top Ten Big Data Security and Privacy Challenges
-Released November 07, 2012

CSA Congress 2012 Big Data Overview
-Released November 06, 2012

Big Data Working Group Charter
-Released May 04, 2012

Cloud Controls Matrix (CCM)

Visit the initiative page

Cloud Controls Matrix (CCM)
Security controls framework for cloud provider and cloud consumers.

CCM v3.0 Info Sheet
-Released October 07, 2013

Cloud Controls Matrix v3.0
-Released September 26, 2013

Cloud Controls Matrix v1.4
-Released March 08, 2013

Cloud Controls Matrix v1.3
-Released September 20, 2012

Cloud Controls Matrix v1.2
-Released August 26, 2011

Cloud Controls Matrix V1.1
-Released December 17, 2010

Cloud Controls Matrix V1.01
-Released October 20, 2010

Cloud Controls Matrix V1.0
-Released April 27, 2010

Cloud Data Governance

Visit the initiative page

Cloud Data Governance
Responsible for understanding the top requirements and needs of different stakeholders on governing and operating data in the Cloud, and prioritizing and answering the key problems and questions identified by Cloud stakeholders.

Cloud Consumer Advocacy Questionnaire and Information Survey Results (CCAQIS) v1.0
-Released November 16, 2011

CCAQIS Survey v1.2
-Released August 01, 2011

Cloud Metrics

Cloud Metrics
Metrics designed for Cloud Controls Matrix and CSA Guidance.

There are no downloads at this time.

CloudAudit

Visit the initiative page

CloudAudit
The goal of CloudAudit is to provide a common interface and namespace that allows cloud computing providers to automate the Audit, Assertion, Assessment, and Assurance (A6) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow authorized consumers of their services to do likewise via an open, extensible and secure interface and methodology.

There are no downloads at this time.

CloudCERT

Visit the initiative page

CloudCERT
Enhance the capability of the cloud community to prepare for and respond to vulnerabilities, threats, and incidents in order to preserve trust in cloud computing.

CloudCERT Report to CSA Summit 2011
-Released February 14, 2011

Cloud Trust Protocol

Visit the initiative page

CloudTrust Protocol
The CloudTrust Protocol (CTP) is the mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.

CloudTrust Protocol Information Overview Powerpoint
-Released September 01, 2011

CloudTrust Protocol Information Overview
-Released June 01, 2011

A Precis for the CloudTrust Protocol (V2.0)
-Released September 01, 2010

Consensus Assessments Initiative

Visit the initiative page

Consensus Assessments Initiative
Research tools and processes to perform consistent measurements of cloud providers.

Consensus Assessments Initiative Questionnaire v1.1
-Released September 01, 2011

Consensus Assessments Initiative Questionnaire V1.0
-Released October 12, 2010

Enterprise Architecture Working Group

Visit the initiative page

Enterprise Architecture Working Group
Secure, interoperable identity in the cloud.

Enterprise Architecture v2.0
-Released February 25, 2013

Enterprise Architecture Mapping V1.9
-Released November 09, 2011

Enterprise Architecture Model V1.1
-Released October 26, 2011

Enterprise Architecture Reference Architecture Quick Guide
-Released October 01, 2011

Health Information Management

Visit the initiative page

Health Information Management
Provide direct influence on how health information service providers deliver secure cloud solutions (services, transport, applications and storage) to their clients, and foster cloud awareness within all aspects of healthcare and related industries..

There are no downloads at this time.

Incident Management and Forensics Logo

Visit the initiative page

Incident Management and Forensics
Best practices for incident management and forensics in cloud environments.

Mapping the Forensic Standard ISO/IEC 27037 to Cloud Computing
-Released June 26, 2013

Incident Management and Forensics Working Group Charter
-Released February 13, 2013

Innovation Initiative Logo

Visit the initiative page

Innovation Initiative
The CSA Innovation Initiative is a working group within the Cloud Security Alliance (CSA) created to foster secure innovation in information technology.

Innovation Initiative Overview Powerpoint
-Released February 24, 2012

Innovation Initiative Charter
-Released February 24, 2012

Legal Information Center Logo

Visit the initiative page

CSA Legal Information Center
The CSA Legal Information Center is an expert-led community resource for global legal issues impacting cloud computing. Our mission is to provide unbiased information about the applicability of existing laws and also identify laws that are being impacted by technology trends and may require modification.

Planning for E-Discovery in the Cloud
-Released May 21, 2013

Cloud Computing: What Damages in Case of Outages
-Released May 21, 2013

What the Proposed EU Data Protection Regulation Means for Cloud Users
-Released February 22, 2013

Article 29 Working Party Cloud Computing Opinion: A Blow to Safe Harbor
-Released February 22, 2013

What Rules Apply to Government Access to Data Held by US Cloud Service Providers
-Released February 22, 2013

CSA Security Guidance Domain 3: Legal Issues: Contracts and Electronic Discovery
-Released November 14, 2011

Mobile Working Group Logo

Visit the initiative page

Mobile Working Group
The CSA Mobile working group will be responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point.

Security Guidance for Critical Areas of Mobile Computing
-Released November 08, 2012

Mobile Top Threats
-Released October 04, 2012

Mobile Device Management: Key Components
-Released September 20, 2012

Mobile Working Group Charter
-Released February 21, 2012

Open Certification Framework

Visit the initiative page

Open Certification Framework
The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.

Publicizing Your STAR Certification
-Released September 03, 2013

Requirements for Bodies Providing STAR Certification
-Released September 03, 2013

STAR Certification Guidance Document: Auditing the Cloud Controls Matrix (CCM)
-Released September 03, 2013

OCF Vision Statement
-Released August 17, 2012

PLA Logo

Visit the initiative page

Privacy Level Agreement Working Group
This working group aims at creating PLA templates that can be a powerful self-regulatory harmonization tool, which is almost impossible to achieve at global level using traditional legislative means. This will provide a clear and effective way to communicate to (potential) customers CSP’s a level of data protection, especially when trans-border data flaw is concerned.

Privacy Level Agreement (PLA) Outline Annex
-Released February 24, 2013

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union
-Released February 24, 2013

PLA Initiative Research Sponsorship Outline
-Released August 27, 2012

Security as a Service

Visit the initiative page

Security as a Service
Research for gaining greater understanding for how to deliver security solutions via cloud models.

SecaaS Category 7 // Security Information and Event Management Implementation Guidance
-Released October 29, 2012

SecaaS Category 9 // BCDR Implementation Guidance
-Released October 08, 2012

SecaaS Category 8 // Encryption Implementation Guidance
-Released October 08, 2012

SecaaS Category 6 // Intrusion Management Implementation Guidance
-Released October 08, 2012

SecaaS Category 5 // Security Assessments Implementation Guidance
-Released October 08, 2012

SecaaS Category 4 // Email Security Implementation Guidance
-Released October 08, 2012

SecaaS Category 3 // Web Security Implementation Guidance
-Released October 08, 2012

SecaaS Category 2 // Data Loss Prevention Implementation Guidance
-Released October 08, 2012

SecaaS Category 10 // Network Security Implementation Guidance
-Released October 08, 2012

SecaaS Category 1 // Identity and Access Management Implementation Guidance
-Released September 26, 2012

Defined Categories of Service 2011
-Released October 26, 2011

Security Guidance for Critical Areas of Focus in Cloud Computing

Visit the initiative page

Security Guidance for Critical Areas of Focus in Cloud Computing
Foundational best practices for securing cloud computing.

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0
-Released November 14, 2011

CSA V3 Guideline: Book Excerpts
-Released July 02, 2011

Cloud Computing for Business
-Released March 02, 2011

NIST Guidelines on Security and Privacy in Public Cloud Computing
-Released January 01, 2011

Security Guidance for Critical Areas of Focus in Cloud Computing V2.0
-Released December 02, 2009

Security Guidance for Critical Areas of Focus in Cloud Computing V1.0
-Released April 01, 2009

Software Defined Perimeter

Software Defined Perimeter

SDP Hackathon Whitepaper
-Released April 17, 2014

Software Defined Perimeter
-Released December 01, 2013

Solution Provider Advisory Council

Solution Provider Advisory Council
Corporate members providing cloud solutions or cloud security solutions. Responsible for articulating provider point of view.

There are no downloads at this time.

Solution Provider SME Advisory Council

Solution Provider SME Advisory Council
Corporate members providing cloud solutions or cloud security solutions. Dedicated to Subject Matter Experts within our corporate members.

There are no downloads at this time.

Telecom Working Group

Visit the initiative page

Telecom Working Group
Provide direct influence on how to deliver secure cloud solutions and foster cloud awareness within all aspects of Telecommunications.

There are no downloads at this time.

Top Threats to Cloud Computing

Visit the initiative page

Top Threats to Cloud Computing
Provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.

The Notorious Nine: Cloud Computing Top Threats in 2013
-Released February 24, 2013

Top Threats to Cloud Computing Survey Results Update 2012
-Released November 07, 2012

Virtualization Working Group

Visit the initiative page

Virtualization Working Group
Virtualization provides an important layer of abstraction from physical hardware, enabling the elasticity and resource pooling commonly associated with cloud.

There are no downloads at this time.

Page Dividing Line