Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

CSA Research Publications

Whitepapers, Reports and Other Resources

Home
Publications

Browse Publications

The Six Pillars of DevSecOps: Measure, Monitor, Report, and Action

The Six Pillars of DevSecOps: Measure, Monitor, Report, and Action
Release Date: 05/14/2024

The implementation and maintenance of DevSecOps initiatives can take anywhere from a few months to several years to implement. Therefore, continuous measu...

Request to download
Cloud Controls Matrix and CAIQ v4

Cloud Controls Matrix and CAIQ v4
Release Date: 05/08/2024

The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to the CSA best practices, that is considered the de-facto s...

Request to download
Confronting Shadow Access Risks: Considerations for Zero Trust and Artificial Intelligence Deployments

Confronting Shadow Access Risks: Considerations for Zero Trust and Artificial Intelligence Deployments
Release Date: 05/06/2024

Shadow Access, a growing concern within cloud computing and Identity and Access Management (IAM), refers to unintended, unauthorized access to systems and...

Request to download
AI Organizational Responsibilities - Core Security Responsibilities

AI Organizational Responsibilities - Core Security Responsibilities
Release Date: 05/05/2024

This publication from the CSA AI Organizational Responsibilities Working Group provides a blueprint for enterprises to fulfill their core information secu...

Request to download
AI Resilience: A Revolutionary Benchmarking Model for AI Safety

AI Resilience: A Revolutionary Benchmarking Model for AI Safety
Release Date: 05/05/2024

The rapid evolution of Artificial Intelligence (AI) promises unprecedented advances. However, as AI systems become increasingly sophisticated, they also p...

Request to download
Principles to Practice: Responsible AI in a Dynamic Regulatory Environment

Principles to Practice: Responsible AI in a Dynamic Regulatory Environment
Release Date: 05/05/2024

Artificial Intelligence (AI) innovation is not expected to slow down any time soon, as the big tech giants plan to invest hundreds of billions of dollars ...

Request to download
Defining Shadow Access: The Emerging IAM Security Challenge - Japanese Translation

Defining Shadow Access: The Emerging IAM Security Challenge - Japanese Translation
Release Date: 04/29/2024

This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate...

Request to download
Defining the Zero Trust Protect Surface - Korean Translation

Defining the Zero Trust Protect Surface - Korean Translation
Release Date: 04/24/2024

This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate...

Request to download
Defining the Zero Trust Protect Surface - Japanese Translation

Defining the Zero Trust Protect Surface - Japanese Translation
Release Date: 04/15/2024

This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate...

Request to download
Requirements for Bodies Providing STAR Certification

Requirements for Bodies Providing STAR Certification
Release Date: 04/13/2024

This document outlines how to conduct STAR certification assessments to the Cloud Controls Matrix (CCM) as part of an ISO 27001 assessment. The STAR certi...

Request to download
HSM-as-a-Service Use Cases, Considerations, and Best Practices

HSM-as-a-Service Use Cases, Considerations, and Best Practices
Release Date: 04/03/2024

A Hardware Security Module (HSM) is a certified, trusted platform for performing cryptographic operations and protecting keys. It is a tamper-responsive a...

Request to download
The State of AI and Security Survey Report

The State of AI and Security Survey Report
Release Date: 04/02/2024

The advent of artificial intelligence (AI) in cybersecurity marks a transformative era in the realm of digital defense. AI has the potential to be a vital...

Request to download
Open Certification Framework Working Group Charter

Open Certification Framework Working Group Charter
Release Date: 03/31/2024

The CSA Open Certification Framework (OCF) is an industry initiative to allow global, trusted independent evaluation of cloud providers. It is a program for ...

Request to download
AI Controls Framework Working Group Charter 2024

AI Controls Framework Working Group Charter 2024
Release Date: 03/21/2024

The AI Controls Framework working group is focused on staying abreast of the latest technological advancements in AI while simultaneously identifying, und...

Request to download
Standardizing Security in Diverse Sectors: A Template for STAR-Aligned Sector-Specific Standards

Standardizing Security in Diverse Sectors: A Template for STAR-Aligned Sector-Specific Standards
Release Date: 03/06/2024

The CSA Security, Trust, Assurance, and Risk (STAR) program encompasses the key principles of transparency, rigorous auditing, and harmonization of cybers...

Request to download
Defining the Zero Trust Protect Surface

Defining the Zero Trust Protect Surface
Release Date: 03/05/2024

Enterprise adoption and implementation of Zero Trust is broad and growing. Venture Beat reports that 90% of organizations moving to the cloud are adopting...

Request to download
Beyond Passwords: The Role of Passkeys in Modern Web Security - Japanese Translation

Beyond Passwords: The Role of Passkeys in Modern Web Security - Japanese Translation
Release Date: 02/28/2024

This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate...

Request to download
The Six Pillars of DevSecOps - Collaboration and Integration

The Six Pillars of DevSecOps - Collaboration and Integration
Release Date: 02/20/2024

“Security can only be achieved through collaboration, not confrontation” is one of the defining principles of DevSecOps. Essentially, security is a team s...

Request to download
The State of Security Remediation 2024

The State of Security Remediation 2024
Release Date: 02/13/2024

Security remediation involves identifying, evaluating, and addressing security vulnerabilities to mitigate potential risks. In the ever-evolving landscape...

Request to download
CCM v4.0 Addendum - ECUC PP v2.1

CCM v4.0 Addendum - ECUC PP v2.1
Release Date: 02/12/2024

This document is an addendum to the 'ECUC Position Paper v2.1 (ECUC PP v2.1) that contains controls mapping between the CSA CCM v4.0 and the ECUC PPv2.1. ...

Request to download