CSA Research Publications
Whitepapers, Reports and Other Resources
Browse Publications
Map the Transaction Flows for Zero Trust The NSTAC Report to the President on Zero Trust defines five steps to implementing a Zero Trust security strategy. This publication provides guidance on e... Request to download | |
AI Risk Management: Thinking Beyond Regulatory Boundaries While artificial intelligence (AI) offers tremendous benefits, it also introduces significant risks and challenges that remain unaddressed. A comprehensiv... Request to download | |
Top Concerns With Vulnerability Data The top vulnerability management frameworks used today include the Common Vulnerabilities and Exposures (CVE) program and the Common Vulnerability Scoring... Request to download | |
Using Asymmetric Cryptography to Help Achieve Zero Trust Objectives This publication explores the use of asymmetric cryptography in Zero Trust. Asymmetric cryptography provides an industry-standard, secure method to establ... Request to download | |
The State of Multi-Cloud Identity Survey Enterprises encounter significant obstacles when adopting multi-cloud. Namely, harmonizing hybrid and cloud identity systems for secure integration. Ident... Request to download | |
Zero Trust Guidance for Critical Infrastructure In most nations, the health of public services relies on secure and resilient Critical Infrastructure. We call these infrastructures "critical" because th... Request to download | |
Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Japanese Translation This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... Request to download | |
AI Organizational Responsibilities - Governance, Risk Management, Compliance and Cultural Aspects Continuing CSA's efforts to address the evolving AI landscape, this latest publication covers AI governance, risk management, and culture. Understand vari... Request to download | |
NIST CSF v2 Cloud Community Profile - Based on CCM v4 The CSFv2.0 Cloud Community Profile aligns the Cloud Controls Matrix (CCM) version 4.0 with the Cybersecurity Framework (CSF) version 2.0 by mapping equiv... Request to download | |
Informative Reference Details for the Mapping of CCM v4 to NIST CSF v2 The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices for securing cloud... Request to download | |
AI in Medical Research: Applications & Considerations The advent of artificial intelligence (AI) has brought about a paradigm shift in numerous fields. AI technologies can process vast amounts of data, recogn... Request to download | |
AI Organizational Responsibilities - Core Security Responsibilities - Korean Translation This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... Request to download | |
AI Resilience: A Revolutionary Benchmarking Model for AI Safety - Japanese Translation This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... Request to download | |
Don’t Panic! Getting Real about AI Governance The excitement around Generative AI and its potential business value continues to grow. A major factor is AI systems' emerging capability to mimic human-l... Request to download | |
The State of Non-Human Identity Security Non-human identities (NHIs) include bots, API keys, service accounts, OAuth tokens, and secrets. These identities keep today’s organizations running smoot... Request to download | |
Confidential Computing Working Group Charter 2024 The working group is tasked with exploring and implementing Confidential Computing technologies to enhance data security across various industries. This g... Request to download | |
Zero Trust Guiding Principles v1.1 Zero Trust is a strategic mindset that is highly useful for organizations to adopt as part of their digital transformations. Based on the idea of "never t... Request to download | |
Data Privacy Engineering Working Group Charter 2024 The Data Privacy Engineering Working Group (DPE WG) is chartered with the mission to integrate privacy-centric methodologies into development workflows, a... Request to download | |
Fully Homomorphic Encryption Working Group Charter 2024 Through the use and deployment of cryptographic libraries, specialist software toolchains, and dedicated hardware and infrastructure, Fully Homomorphic En... Request to download | |
Securing LLM Backed Systems: Essential Authorization Practices Organizations are increasingly leveraging Large Language Models (LLMs) to tackle diverse business problems. Both existing companies and a crop of new star... Request to download |