CSA Research Publications
Whitepapers, Reports and Other Resources
Browse Publications
| Publication | Description |
| --- | --- |
| Blockchain/Distributed Ledger Technology (DLT) Risk and Security Considerations | There is no shortage of guidance on how to design, configure and deploy Fabric solutions. This paper provides insights into how the three layers of blockc... |
| IoT Charter 2022 | This charter lays out the scope, responsibilities, and roadmap for the IoT Working Group. The Cloud Security Alliance (CSA) IoT Working Group (IoTWG) plan... |
| Toward a Zero Trust Architecture - Japanese Translation | This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... |
| Cybersecurity Best Practices for the Manufacturing Industry | The manufacturing and industrial sectors have evolved with the introduction of technologies over the past many decades. Progress in improving processes, t... |
| DevSecOps - Pillar 4 Bridging Compliance and Development | Overview: This document provides guidance to ensure the gap between compliance and development is addressed by recognizing compliance objectives, translatin... |
| Cloud Security and Technology Maturity Survey | The goal of this survey is to better understand the maturity levels of organizations for the cloud and technology both currently and in the near future. K... |
| How to Design a Secure Serverless Architecture - Japanese Translation | This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... |
| Open Certification Framework Working Group Charter | The CSA Open Certification Framework (OCF) is an industry initiative to allow global, trusted independent evaluation of cloud providers. It is a program for ... |
| Artificial Intelligence in Healthcare | Artificial intelligence (AI) now has the potential to be integrated into all aspects of healthcare, from management to delivery and diagnosis. These advan... |
| Corda Enterprise 4.8 - Architecture Security Report | Blockchain technology is being rapidly adopted by enterprises to bring traceability and transparency to external business workflows. Considering that many... |
| Corda Enterprise 4.8 - Security Controls Checklist | In this spreadsheet, our Blockchain/Distributed Ledger Working Group delivers a fully implementable security controls checklist for the blockchain framewo... |
| State of Cloud Security Risk, Compliance, and Misconfigurations - Japanese Translation | This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... |
| Cloud Incident Response Framework - Korean Translation | This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... |
| CCMv4.0 Auditing Guidelines | This document contains auditing guidelines for each of the control specifications within the CCM version 4. The CCM is a detailed controls framework align... |
| Cloud Key Management System with External Origin Key | The purpose of this document is to provide general guidance for choosing, planning, and deploying cloud-native key management systems (KMS) where there is... |
| Roles and Responsibilities of Third Party Security Services | As we witness the broader adoption of cloud services, it is no surprise that third-party outsourced services are also on the rise. The security responsibi... |
| Secure DevOps and Misconfigurations Survey Report | Secure DevOps, DevSecOps, and “shifting left” have become increasingly popular terms in cybersecurity. With the rapid increase both in volume and speed to... |
| CSA Medical Device Incident Response Playbook | This document presents a best-practices medical device incident response playbook that incorporates clinical aspects of medical device IR. As such, this g... |
| Secure Connection Requirements of Hybrid Cloud | The National Institute of Standards and Technology (NIST) defines hybrid cloud infrastructure as a composition of distinct cloud infrastructures (private,... |
| STAR Level 1: Security Questionnaire (CAIQ v4) - Japanese Translation | This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... |