CSA Research Publications
Whitepapers, Reports and Other Resources
Browse Publications
![]() | Top Concerns With Vulnerability Data The top vulnerability management frameworks used today include the Common Vulnerabilities and Exposures (CVE) program and the Common Vulnerability Scoring... Request to download |
![]() | CCM Video Series: A&A - Audit & Assurance In this presentation we introduce the Audit and Assurance (A&A) domain within the Cloud Control Matrix (CCM). The A&A domain, consisting of six co... Request to download |
![]() | CCM Video Series: AIS - Application & Interface Security In this presentation, we introduce the CCM's Application and Interface Security (AIS) domain. With seven control specifications, the AIS domain is focused... Request to download |
![]() | Using Asymmetric Cryptography to Help Achieve Zero Trust Objectives This publication explores the use of asymmetric cryptography in Zero Trust. Asymmetric cryptography provides an industry-standard, secure method to establ... Request to download |
![]() | CCM Video Series: HRS - Human Resources Security In this presentation we focus on the Human Resources (HRS) security domain, which comprises thirteen control specifications designed to help cloud organiz... Request to download |
![]() | CCM Video Series: GRC - Governance, Risk Management, & Compliance In this presentation we introduce the*Governance, Risk Management, and Compliance (GRC) domain of CCM, which consists of eight control specifications. The... Request to download |
![]() | CCM Video Series: CCC - Change Control & Configuration Management This presentation explores the Change Control and Configuration Management (CCCM) domain of the Cloud Control Matrix (CCM). With its nine control specific... Request to download |
![]() | CCM Video Series: CEK - Cryptography, Encryption, & Key Management In this presentation we explore the Cryptography, Encryption, and Key Management (CEK) domain within the Cloud Control Matrix (CCM) that comprises twenty-... Request to download |
![]() | CCM Video Series: LOG - Logging & Monitoring In this presentation we focus on the Logging and Monitoring domain, which includes thirteen control specifications that help both Cloud Service Providers ... Request to download |
![]() | CCM Video Series: STA - Supply Chain Mgmt, Transparency, & Accountability In this presentation we explore the Supply Chain Management, Transparency, and Accountability (STA) domain, which includes fourteen control specifications... Request to download |
![]() | CCM Video Series: TVM - Threat & Vulnerability Management In this presentation we cover the Threat and Vulnerability Management (TVM) domain, which features ten control specifications aimed at helping both Cloud ... Request to download |
![]() | CCM Video Series: BCR - Business Continuity Mgmt & Op Resilience In this presentation, we introduce the CCM business Continuity Management and Operational Resilience domain, comprising eleven control specifications. Thi... Request to download |
![]() | CCM Video Series: DSP - Data Security & Privacy In this presentation we explore the Data Security and Privacy Lifecycle Management (DSP) domain, which includes nineteen control specifications focused on... Request to download |
![]() | CCM Video Series: IAM - Identity & Access Management In this presentation we introduce the Identity and Access Management (IAM) domain, which includes sixteen control specifications aimed at helping both Clo... Request to download |
![]() | CCM Video Series: IVS - Infrastructure & Virtualization Security In this presentation we delve into the Infrastructure and Virtualization Security (IVS) domain, which comprises nine control specifications designed to gu... Request to download |
![]() | The State of Multi-Cloud Identity Survey Enterprises encounter significant obstacles when adopting multi-cloud. Namely, harmonizing hybrid and cloud identity systems for secure integration. Ident... Request to download |
![]() | Zero Trust Guidance for Critical Infrastructure In most nations, the health of public services relies on secure and resilient Critical Infrastructure. We call these infrastructures "critical" because th... Request to download |
![]() | Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Japanese Translation This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... Request to download |
![]() | AI Organizational Responsibilities - Governance, Risk Management, Compliance and Cultural Aspects Continuing CSA's efforts to address the evolving AI landscape, this latest publication covers AI governance, risk management, and culture. Understand vari... Request to download |
![]() | NIST CSF v2 Cloud Community Profile - Based on CCM v4 The CSFv2.0 Cloud Community Profile aligns the Cloud Controls Matrix (CCM) version 4.0 with the Cybersecurity Framework (CSF) version 2.0 by mapping equiv... Request to download |