CSA Research Publications
Whitepapers, Reports and Other Resources
Browse Publications
 | CCMv4.0 Auditing Guidelines This document contains auditing guidelines for each of the control specifications within the CCM version 4. The CCM is a detailed controls framework align... Request to download |
 | Cloud Key Management System with External Origin Key The purpose of this document is to provide general guidance for choosing, planning, and deploying cloud-native key management systems (KMS) where there is... Request to download |
 | Roles and Responsibilities of Third Party Security Services As we witness the broader adoption of cloud services, it is no surprise that third-party outsourced services are also on the rise. The security responsibi... Request to download |
 | Secure DevOps and Misconfigurations Survey Report Secure DevOps, DevSecOps, and “shifting left” have become increasingly popular terms in cybersecurity. With the rapid increase both in volume and speed to... Request to download |
 | CSA Medical Device Incident Response Playbook This document presents a best-practices medical device incident response playbook that incorporates clinical aspects of medical device IR. As such, this g... Request to download |
 | Secure Connection Requirements of Hybrid Cloud The National Institute of Standards and Technology (NIST) defines hybrid cloud infrastructure as a composition of distinct cloud infrastructures (private,... Request to download |
 | STAR Level 1: Security Questionnaire (CAIQ v4) - Japanese Translation This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... Request to download |
 | Cloud Threat Modeling - Japanese Translation This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... Request to download |
 | Toward a Zero Trust Architecture Enterprise stakeholders must consider the challenges of increased real-time system complexity, the need for new cybersecurity policy and strong cultural s... Request to download |
 | CCM v4 - Turkish Translation Bu yayının bu yerel dile çevrilmiş versiyonu, bölümlerin ve gönüllülerin çabalarıyla [orijinal kaynak](https://cloudsecurityalliance.org/artifacts/cloud-c... Request to download |
 | CCM and CAIQ v4 -Japanese Translations This localized version of this publication was produced from the original source material (CCM, CAIQ) through the efforts of chapters and volunteers but t... Request to download |
 | CCM v4 - Spanish Translation Esta versión traducida de esta publicación se produjo a partir de la fuente original del material gracias al esfuerzo de los capítulos y voluntarios, pero... Request to download |
 | CCM v4 - Chinese Translation 该中文版本的出版物是根据[原文](https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/)进行汉化,由CSA大中华区及其志愿者翻译完成,但翻译的内容不属于[CSA研究院生命周期](https://cloudsecuritya... Request to download |
 | The Continuous Audit Metrics Catalog Are traditional infosec assurance tools outdated? Many cloud customers think so. They see that technology changes quickly, and products are frequently evo... Request to download |
 | CCM v4 - Hungarian Translation A kiadvány e honosított változata az eredeti forrásanyagból készült, helyi szervezetek és önkéntesek erőfeszítései révén, de a lefordított tartalom kívül ... Request to download |
 | Practical Preparations for the Post-Quantum World This document discusses the cybersecurity challenges and recommended steps to reduce likely new risks due to quantum information sciences. This paper was ... Request to download |
 | Information Technology Governance, Risk and Compliance in Healthcare Information Technology (IT) Governance, Risk, and Compliance (GRC), are three words that have a significant impact on organizations. While each term seems... Request to download |
 | Top 10 Blockchain Attacks, Vulnerabilities & Weaknesses Cryptocurrencies and other blockchain virtual assets have been the target of the majority of Distributed Ledger Technology (DLT) attacks and a variety of ... Request to download |
 | State of Cloud Security Risk, Compliance, and Misconfigurations Cloud misconfigurations consistently are a top concern for organizations utilizing public cloud. Such errors lead to data breaches, allow the deletion or ... Request to download |
 | Ransomware in the Healthcare Cloud Ransomware is the fastest-growing malware threat today. Over the last few years, it has risen to epidemic proportions, quickly becoming a significant reve... Request to download |