Membership
Join as a Business
Cloud Customers
Cloud Solution Providers
SaaS Solution Providers
Current Business Members
CxO Trust
Contact Us
Join as an Individual
Regional Chapters
Circle Community Forum
Research Working Groups
STAR Program
STAR Registry
STAR Home
Submit to Registry
Provide Feedback
What is the STAR Registry?
Learn how to stay compliant in the cloud.
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
CSA Approved STAR Assessment Firms
Certificates & Training
Events
Learn and network while you earn CPE credits.
Events
Virtual Events & Webinars
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Train my entire team
Training Instructors
Become an Instructor
Training Partners
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Zero Trust Advancement Center
CxO Trust
CloudBytes Webinars
Industry Specific Research
Financial Services
Healthcare
Getting Started with CSA Research
Best practices for cloud security
Assess your compliance to cloud standards
Security questionnaire for vendors
The top threats to cloud computing
Zero Trust Architecture
View more
Awards & Recognition
Ron Knode Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Internet of Things (IoT)
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Serverless
Security Services
Enterprise Resource Planning
Cloud Key Management
Security as a Service
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Incident Response
Top Threats
View all topics
Membership
Join as a Business
Cloud Customers
Cloud Solution Providers
SaaS Solution Providers
Current Business Members
CxO Trust
Contact Us
Join as an Individual
Regional Chapters
Circle Community Forum
Research Working Groups
STAR Program
STAR Registry
STAR Home
Submit to Registry
Provide Feedback
What is the STAR Registry?
Learn how to stay compliant in the cloud.
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
CSA Approved STAR Assessment Firms
Certificates & Training
Events
Learn and network while you earn CPE credits.
Events
Virtual Events & Webinars
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Train my entire team
Training Instructors
Become an Instructor
Training Partners
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Zero Trust Advancement Center
CxO Trust
CloudBytes Webinars
Industry Specific Research
Financial Services
Healthcare
Getting Started with CSA Research
Best practices for cloud security
Assess your compliance to cloud standards
Security questionnaire for vendors
The top threats to cloud computing
Zero Trust Architecture
View more
Awards & Recognition
Ron Knode Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Internet of Things (IoT)
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Serverless
Security Services
Enterprise Resource Planning
Cloud Key Management
Security as a Service
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Incident Response
Top Threats
View all topics
Circle
Events
Blog

Working Group

Cloud Component Specifications

In order to address the gap in industry best practices for cloud components this working group proposes to develop internationally recognized technical security specifications for cloud components.
Sign-Up
Cloud OS Security Specification v2.0
Cloud OS Security Specification v2.0

Download

Research Topics
About Topic
Working Group
Discussion Community
Publications
Home
Research
Working Groups
Cloud Component Specifications
Working Group Overview

In order to address the gap in industry best practices for cloud components, this working group proposes to develop internationally recognized technical security specifications for cloud components.


Drafts & Important Docs


Working Group Leadership

Xiaoyu Ge Headshot
Xiaoyu Ge

Xiaoyu Ge

Senior Security Standards Manager of Huawei IT

Xiaoyu Ge is the Senior Security Standards Manager of Huawei IT Product Line which include cloud computing, big data, storage, and server products and services. He is also active as security expert in SDOs, He is the ISO/IEC JTC1 SC27 WG expert of China Nation Body, he is the rapporteur of several SC27 project such as “Requirements for establishing roots of trust for virtualized environment”. He participated in CSA several years ago, he is ...

Read more

Publications in ReviewOpen Until
Third-Party Vendor Risk ManagementJun 13, 2022
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

Third-Party Vendor Risk Management

Open Until: 06/13/2022

The increased use of third-party vendors for applications and data processing services is a business model that is likely t...

Participate in peer review