CSA Research Publications

Whitepapers, Reports and Other Resources

Preparing Enterprises for the Quantum Computing Cybersecurity Threats
Release Date: 05/23/2019

Quantum computing, while expected to help make many advancements, will also break the existing asymmetric-key cryptosystems, thus endangering our security in...

Cloud OS Security Specification
Release Date: 05/07/2019

This document builds on the foundation provided by ISO/IEC 17788, ISO/IEC 19941, ISO/IEC 27000, NIST SP 500-299, and NIST SP 800-144 in the context of cloud ...

CCM Mapping Methodology
Release Date: 07/09/2018

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to ...

SecaaS Category 7 // Security Information and Event Management Implementation Guidance
Release Date: 10/29/2012

This document provides guidance on how to evaluate, architect, and deploy cloud-based SIEM services to both enterprise and cloud-based networks, infrastructu...

SecaaS Category 9 // BCDR Implementation Guidance
Release Date: 10/08/2012

When using the cloud for operational processes and/or production systems, an organization’s BC/DR requirements must be included in their procurement, plannin...

SecaaS Category 8 // Encryption Implementation Guidance
Release Date: 10/08/2012

Encryption is a primary data (and application) protection technique. For encryption to be useful, encryption keys must be properly managed and protected. Thi...

SecaaS Category 6 // Intrusion Management Implementation Guidance
Release Date: 10/08/2012

Because of the limited market maturity and lack of widely accepted best practices, this document provides implementation guidelines for cloud-based intrusion...

SecaaS Category 5 // Security Assessments Implementation Guidance
Release Date: 10/08/2012

There are many choices for an assessment framework standard and there is no "one size fits all" solution for security assessments. One could reasonably expec...

SecaaS Category 4 // Email Security Implementation Guidance
Release Date: 10/08/2012

Due to its ubiquitous use, electronic mail is both the prime target of, and primary vehicle for, attacks, and must be protected on both ends: sending and rec...

SecaaS Category 2 // Data Loss Prevention Implementation Guidance
Release Date: 10/08/2012

DLP must be considered an essential element for achieving an effective information security strategy for protecting data as it moves to, resides in and depar...

SecaaS Category 3 // Web Security Implementation Guidance
Release Date: 10/08/2012

The vendor and academic community have come together to form a set of solutions called Security as a Service. This document specifically addresses one elemen...

SecaaS Category 10 // Network Security Implementation Guidance
Release Date: 10/08/2012

In a cloud environment, a major part of network security is likely to be provided by virtual security devices and services, alongside traditional physical ne...

SecaaS Category 1 // Identity and Access Management Implementation Guidance
Release Date: 09/26/2012

This document addresses personnel involved in the identification and implementation of the IAM solution in the cloud. It will be of particular interest to th...

Enterprise Architecture Mapping V1.9
Release Date: 11/09/2011

This is an outdated version of this document. You can access the latest version of the CSA Enterprise Architecture here.

Enterprise Architecture Model V1.1
Release Date: 10/26/2011

This is an outdated version of this document. You can access the latest version of the CSA Enterprise Architecture here. ...

Enterprise Architecture Reference Architecture Quick Guide
Release Date: 10/01/2011

This quick guide provides an overview of what the Enterprise Architecture is, the challenges it helps solve and how to use it. The Enterprise Architecture it...
