CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.
Research

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.

Join a Working Group Meeting

Community
Begins at
Security as a Service Working Group
Cloud Key Management Working Group
Enterprise Resource Planning Working Group

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Latest Research

Telehealth Risk Management

Telehealth Risk Management

Release Date: 06/10/2021

The recent COVID-19 pandemic has increased the demand for data and accelerated the use of telehealth. The Health Resources and Services Administration (HRSA) of the U.S. Department of Health and Human Services (HHS) defines telehealth as the use of electronic information and telecommunications technologies to support and promote long-distance clinical health care, patient and professional health-related education, and public health and health administration. Technologies include videoconferencing, the internet, store and-forward imaging, streaming media, and landline and wireless communications.This paper focuses on having the processes and controls in...

STAR Level 1: Security Questionnaire (CAIQ v4)

STAR Level 1: Security Questionnaire (CAIQ v4)

Release Date: 06/07/2021

The STAR Level 1: Security Questionnaire (CAIQ v4) offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix (CCM).  Therefore, it helps cloud customers to gauge the security posture of prospective cloud service providers and determine if their cloud services are suitably secure.The STAR Level 1: Security Questionnaire (CAIQ v4) is what individuals will need to use to submit to the STAR Regi...

Cloud Controls Matrix and CAIQ v4

Cloud Controls Matrix and CAIQ v4

Release Date: 06/07/2021

The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to the CSA best practices, that is considered the de-facto standard for cloud security and privacy. The accompanying questionnaire, CAIQ, provides a set of “yes or no” questions based on the security controls in the CCM. You can now download the CCM and CAIQ together. What’s included in this download: CCM v4 Mappings CAIQ v4  Implementation Guidelines (coming soon) Auditing Guidelines (coming soon) CCM ...