CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.
Contribute to CSA Research
Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.
Serverless Computing Working Group Charter
Release Date: 05/17/2022
Serverless working group charter document. The Serverless WG seeks to develop best practices to help organizations that want to run their business with a serverless computing model. The objective of the working group is to design and maintain a Serverless security reference architecture and security controls/framework and provide best practice security recommendations that can be used as a guide for the planning, design, operation, maintenance, and evaluation of Serverless computing operations.
HPC Cloud Services Onboarding Guide
Release Date: 05/16/2022
This paper aims to present an overview of what to consider to ensure the proper selection, design, and implementation of an HPC solution that will satisfy business, security, and compliance objectives.
Healthcare Supply Chain Cybersecurity Risk Management
Release Date: 05/11/2022
It is essential for Healthcare Delivery Organizations to conduct proper risk management practices and risk assessments of suppliers and third-party service partners to minimize the risk of a supply chain exploitation. Internal security policies of a HDO need to be upheld to include external supply chain risk and vendor assessments, as a compromised network can put systems at risk. Many global factors may potentially disrupt a supply chain, so risk monitoring and response are critical for an HDO to mitigate vulnerability exposure threats across their supply chain infrastructure. A formal risk rating process for suppliers provides an effective way to evalua...