CSA Research Publications

Whitepapers, Reports and Other Resources

Home
Publications

Browse Publications

CCM v4.0 Implementation Guidelines

CCM v4.0 Implementation Guidelines
Release Date: 09/13/2021

This document will help you understand how to navigate through the Cloud Controls Matrix v4 to use it effectively and interpret and implement the CCM cont...

Request to download
Cloud Controls Matrix and CAIQ v4

Cloud Controls Matrix and CAIQ v4
Release Date: 06/07/2021

The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to the CSA best practices, that is considered the de-facto s...

Request to download
STAR Enabled Solution | CAIQ-Lite

STAR Enabled Solution | CAIQ-Lite
Release Date: 05/05/2021

CSA and Whistic identified the need for a lighter-weight assessment questionnaire in order to accommodate the shift to cloud procurement models, and to enabl...

Request to download
Requirements for Bodies Providing STAR Certification

Requirements for Bodies Providing STAR Certification
Release Date: 12/05/2020

This document outlines how to conduct a STAR certification assessments to the Cloud Controls Matrix (CCM) as part of an ISO 27001 assessment.

Request to download

STAR Certification Guidance Document: Auditing the Cloud Controls Matrix (CCM)
Release Date: 08/05/2020

There are a number of control areas on the CCM that will each be awarded a management capability score on a scale of 1-15. This 2nd version release includes ...

Request to download
Consensus Assessment Initiative Questionnaire (CAIQ) v3.1

Consensus Assessment Initiative Questionnaire (CAIQ) v3.1
Release Date: 04/01/2020

Cloud Security Alliance (CSA) would like to present the next version of the Consensus Assessments Initiative Questionnaire (CAIQ) v3.1. The CAIQ offers an ...

Request to download

PLA Code of Conduct (CoC): Statement of Adherence Self-Assessment
Release Date: 11/19/2019

CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU’s GDPR. The CSA PLA Code of Conduct f...

Request to download

Guidance for submitting the CSA Code of Conduct (CoC) for GDPR Compliance Self-Assessment
Release Date: 11/19/2019

The CSA CoC for GDPR Compliance Self-Assessment is the voluntary publication of a CSP’s self-assessment results based on the requirements specified in the PL...

Request to download
Cloud Controls Matrix v3.0.1

Cloud Controls Matrix v3.0.1
Release Date: 08/03/2019

The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations...

Request to download
STAR Continuous Technical Guidance

STAR Continuous Technical Guidance
Release Date: 02/27/2019

STAR Continuous specifies the necessary activities and conditions for the continuous auditing of the cloud service over a defined set of security requirement...

Request to download
CSA STAR Program & Open Certification Framework in 2016 and Beyond

CSA STAR Program & Open Certification Framework in 2016 and Beyond
Release Date: 04/12/2016

The Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) program is the industry’s leading trust mark for cloud security. The CSA Open...

Request to download
STAR Overview PDF

STAR Overview PDF
Release Date: 04/20/2015

The CSA STAR Program is a publicly accessible registry designed to recognize the varying assurance requirements and maturity levels of providers and consumer...

Request to download

Publicizing Your STAR Certification
Release Date: 09/03/2013

The following guidelines will help you to apply good practice in publicizing, communicating and promoting your certification to stakeholders, including staff...

Request to download