CSA Research Publications
Whitepapers, Reports and Other Resources
Browse Publications
![Consensus Assessment Initiative Questionnaire (CAIQ) v3.1 [No Longer Accepted]](https://cloudsecurityalliance.org/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTc3MjEsInB1ciI6ImJsb2JfaWQifX0=--846e63ecb5438faa0471cb729b8fd20217573428/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJwbmciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwiYmFja2dyb3VuZCI6Im5vbmUiLCJyZXNpemUiOiIxMTF4MTQzIn0sInB1ciI6InZhcmlhdGlvbiJ9fQ==--93baa008e2971cd847242da268875a6f46d313a8/CAIQ-No-Longer-Accepted.png) | Consensus Assessment Initiative Questionnaire (CAIQ) v3.1 [No Longer Accepted] Release Date: 04/01/2020 Cloud Security Alliance (CSA) would like to present the next version of the Consensus Assessments Initiative Questionnaire (CAIQ) v3.1. The CAIQ offers an i... Request to download |
 | Managing the Risk for Medical Devices Connected to the Cloud Release Date: 03/16/2020 With the increased number of Internet of Things devices, Healthcare Delivery Organizations are experiencing a digital transformation bigger than anything in ... Request to download |
 | PLA Code of Practice Template Annex 1 (Updated - March 2020) Release Date: 03/12/2020 CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU’s GDPR. The CSA PLA Code of Conduct f... Request to download |
 | Best Practices in Implementing a Secure Microservices Architecture Release Date: 02/24/2020 Application containers and a microservices architecture are being used to design, develop, and deploy applications leveraging agile software development appr... Request to download |
 | The Six Pillars of DevSecOps: Collective Responsibility Release Date: 02/21/2020 The DevSecOps Working Group identified and defined six focus areas critical to integrating DevSecOps into an organization, in accordance with the six pillars... Request to download |
 | Cloud Usage in the Financial Services Sector Release Date: 02/21/2020 This survey was created and completed by members of the the Financial Services Stakeholders Platform, a CSA working group whose main objective is to identify... Request to download |
| CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications Release Date: 01/29/2020 This document is an addendum to the CCM V3.0.1 and contains a controls mapping and gap analysis between the CSA CCM and CSA's research artifact "Cloud OS Sec... Request to download |
 | Critical Controls Implementation for SAP Release Date: 01/06/2020 The Critical Controls Implementation for SAP is the first in a series of implementation documents that the CSA ERP Security Working Group aims to develop. Th... Request to download |
 | Privacy Level Agreement Working Group Charter Release Date: 11/29/2019 The Cloud Security Alliance would like to invite you to review and comment on the updated Privacy Level Agreement Working Group Charter. The Privacy Level A... Request to download |
| CSA CCM v3.0.1 Addendum to the Reserve Bank of India (RBI)’s Gopala Krishna Committee (GKC) report Release Date: 11/27/2019 This document contains a mapping and gap analysis between the cloud security requirements of CCM V3.0.1 and those of the Reserve Bank of India (RBI)’s Gopala... Request to download |
| Beyond the General Data Protection Regulation (GDPR) Release Date: 11/19/2019 Data residency insights from around the world. This study reveals the top data protection concerns and strategies of more than 800 senior business profession... Request to download |
| Code of Conduct (CoC): Statement of Adherence 3rd Party Certification Release Date: 11/19/2019 CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU’s GDPR. The CSA PLA Code of Conduct f... Request to download |
| PLA Code of Conduct (CoC): Statement of Adherence Self-Assessment Release Date: 11/19/2019 CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU’s GDPR. The CSA PLA Code of Conduct f... Request to download |
| Guidance for submitting the CSA Code of Conduct (CoC) for GDPR Compliance Self-Assessment Release Date: 11/19/2019 The CSA CoC for GDPR Compliance Self-Assessment is the voluntary publication of a CSP’s self-assessment results based on the requirements specified in the PL... Request to download |
 | Software-Defined Perimeter as a DDoS Prevention Mechanism Release Date: 10/27/2019 The primary goal of this document is to increase the awareness and understanding of SDP as a tool to prevent DDoS attacks by demonstrating its efficiency and... Request to download |
| Mobile Application Security Testing (MAST) - Charter Release Date: 10/22/2019 Mobile Applications are becoming an integral part of not just modern enterprises but also of human existence and a huge part of this shift is due to the emer... Request to download |
 | Release Date: 09/05/2019 The report summarizes the mapping of CCM v3.0.1 to 'Guideline on Effectively Managing Security Services in the Cloud' and provides gap analysis on the result... Request to download |
| Mapping of 'The Guidelines' Security Recommendations to CCM Release Date: 09/05/2019 This document contains the additional controls that serves to bridge the gap between CCM V3.0.1 and the controls within 'Guideline on Effectively Managing Se... Request to download |
 | Release Date: 08/07/2019 In our current state of cyber security, there has been a large growth of application flaws that bypass the continuing addition of security frameworks to ensu... Request to download |
 | Top Threats to Cloud Computing: Egregious Eleven Release Date: 08/06/2019 The report provides organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management deci... Request to download |