ChaptersCircleEventsBlog
Share how your organization adapts IAM practices to AI. Take the AI Identify Risk & Readiness Survey today!

Working Group

CAVEaT™

The Joint CSA-MITRE Cloud Adversarial, Vectors, and Threats (CAVEaT) Collaboration to develop, curate, and host a cloud specific threat model to assist Cloud Security practitioners with threat-based analysis.
Cloud Adversarial Vectors, Exploits, and Threats (CAVEaT™): An Emerging Threat Matrix for Industry Collaboration
Cloud Adversarial Vectors, Exploits, and Threats (CAVEaT™): An Emerging Threat Matrix for Industry Collaboration

Download

CSA and the MITRE Corporation have established the Cloud Adversarial, Vectors, Exploits, and Threats (CAVEaT) collaboration to develop, curate, and host cloud specific threat models to assist Cloud Security practitioners with threat-based analysis.

Working Group Leadership

Kurt Seifried
Kurt Seifried

Kurt Seifried

Chief Innovation Officer, CSA

For over two decades, Kurt has excelled in information security, starting with Windows and Linux, and advancing to cloud computing and AI. With a strong focus on AI security, privacy, and open source, Kurt brings extensive expertise to the Cloud Security Alliance (CSA).

Read more

Dr. Mari Spina
Dr. Mari Spina

Dr. Mari Spina

Sr. Principal Cybersecurity Engineer / Cloud Security Capability Leader at MITRE

Dr. Spina joined MITRE in 2014 and has been supporting a multitude of MITRE Federal sponsors including DHS, DoD and the IC in the area of Cloud Security. At MITRE, she is a Principle Cybersecurity Engineer, leads the Cloud Security Capability Area, and teaches Cloud Security for the MITRE Institute. She has also taught many Information Technology courses for the George Washington University schools of engineering and business. Before joini...

Read more

Alex Kaluza
Alex Kaluza

Alex Kaluza

Research Analyst, CSA

Publications in ReviewOpen Until
CCM v4.1Aug 08, 2025
CAIQ v4.1Aug 08, 2025
CCMv4.1 Auditing GuidelinesAug 14, 2025
AICM to EU AI Act MappingAug 15, 2025
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

CCM v4.1

Open Until: 08/08/2025

The Cloud Security Alliance (CSA) in collaboration with the CCM WG is pleased to announce the release of the Final ...

CAIQ v4.1

Open Until: 08/08/2025

The Cloud Security Alliance (CSA), in collaboration with the Cloud Controls Matrix (CCM) Working Group are pleased to annou...

CCMv4.1 Auditing Guidelines

Open Until: 08/14/2025

The Cloud Security Alliance (CSA), in collaboration with the Cloud Controls Matrix (CCM) Working Group, is pleased to annou...

AICM to EU AI Act Mapping

Open Until: 08/15/2025

This mapping aims to identify the alignment between the AICM’s controls and the EU AI Act’s requirements, identifying areas...