CSA Research Publications
Whitepapers, Reports and Other Resources
Browse Publications
Cloud Computing: What Damages in Case of Outages
Service interruptions are inevitable regardless of whether the cloud service provider is a small company or a large company. When a cloud service goes down, ...

Cloud Controls Matrix v1.4
This is an old version of the Cloud Controls Matrix (CCM). You can learn more and download the latest version of the CCM here: https://cloudsecurityalliance.org/...

GRC Stack

Enterprise Architecture v2.0
The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals...

CSA Position Paper on AICPA Service Organization Control Reports
The Cloud Security Alliance (CSA) has drafted the CSA Position Paper on AICPA Service Organization Control Reports as a means to educate its members and prov...

Privacy Level Agreement (PLA) Outline Annex

Privacy Level Agreement (PLA) Outline for the Sale of Cloud Services in the European Union
The Outline provides a structure for Cloud Service Providers (CSP) to disclose, in a consistent manner, information about the privacy and data protection pol...

The Notorious Nine: Cloud Computing Top Threats in 2013
Providing organizations with up-to-date, expert-informed understanding of cloud security threats in order to make educated risk-management decisions regardin...

What the Proposed EU Data Protection Regulation Means for Cloud Users

Article 29 Working Party Cloud Computing Opinion: A Blow to Safe Harbor
The Article 29 Data Protection Working Party—which includes representatives of the data protection authorities of each of the European Union member states—re...

International Standardization Council Roles and Responsibilities for Liaison Officer

International Standardization Council Operating Procedures

What Rules Apply to Government Access to Data Held by US Cloud Service Providers
What rules regulate government access to data held by US cloud service providers. ...

Security Guidance for Critical Areas of Mobile Computing
Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners,...

Top Ten Big Data Security and Privacy Challenges
In this paper, we highlight the top ten big data specific security and privacy challenges. We interviewed Cloud Security Alliance members and surveyed securi...

CSA Congress 2012 Big Data Overview
Crystallization of best practices for security and privacy in big data.

SecaaS Category 7 // Security Information and Event Management Implementation Guidance
This document provides guidance on how to evaluate, architect, and deploy cloud-based SIEM services to both enterprise and cloud-based networks, infrastructu...

SecaaS Category 9 // BCDR Implementation Guidance
When using the cloud for operational processes and/or production systems, an organization’s BC/DR requirements must be included in their procurement, plannin...

SecaaS Category 8 // Encryption Implementation Guidance
Encryption is a primary data (and application) protection technique. For encryption to be useful, encryption keys must be properly managed and protected. Thi...

SecaaS Category 6 // Intrusion Management Implementation Guidance
Because of the limited market maturity and lack of widely accepted best practices, this document provides implementation guidelines for cloud-based intrusion...