CSA Research Publications
Whitepapers, Reports and Other Resources
Browse Publications
 | Cloud Controls Matrix v4 The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations... Request to download |
 | Requirements for Bodies Providing STAR Certification This document outlines how to conduct a STAR certification assessments to the Cloud Controls Matrix (CCM) as part of an ISO 27001 assessment. Request to download |
 | STAR Certification Guidance Document: Auditing the Cloud Controls Matrix (CCM) There are a number of control areas on the CCM that will each be awarded a management capability score on a scale of 1-15. This 2nd version release includes ... Request to download |
 | CAIQ-Lite CSA and Whistic identified the need for a lighter-weight assessment questionnaire in order to accommodate the shift to cloud procurement models, and to enabl... Request to download |
 | Consensus Assessment Initiative Questionnaire (CAIQ) v3.1 Cloud Security Alliance (CSA) would like to present the next version of the Consensus Assessments Initiative Questionnaire (CAIQ) v3.1. The CAIQ offers an ... Request to download |
| PLA Code of Conduct (CoC): Statement of Adherence Self-Assessment CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU’s GDPR. The CSA PLA Code of Conduct f... Request to download |
| Guidance for submitting the CSA Code of Conduct (CoC) for GDPR Compliance Self-Assessment The CSA CoC for GDPR Compliance Self-Assessment is the voluntary publication of a CSP’s self-assessment results based on the requirements specified in the PL... Request to download |
 | Guidelines for CPAs Providing CSA STAR Attestation v2 This document provides guidance for CPAs in conducting a STAR Attestation. It includes relevant information including: professional requirements, competency ... Request to download |
 | Cloud Controls Matrix v3.0.1 The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations... Request to download |
 | STAR Continuous Technical Guidance STAR Continuous specifies the necessary activities and conditions for the continuous auditing of the cloud service over a defined set of security requirement... Request to download |
 | CSA STAR Program & Open Certification Framework in 2016 and Beyond The Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) program is the industry’s leading trust mark for cloud security. The CSA Open... Request to download |
 | STAR Overview PDF The CSA STAR Program is a publicly accessible registry designed to recognize the varying assurance requirements and maturity levels of providers and consumer... Request to download |
| Publicizing Your STAR Certification The following guidelines will help you to apply good practice in publicizing, communicating and promoting your certification to stakeholders, including staff... Request to download |