Working Group

Open Certification Framework

Open Certification Framework

Introduction

The CSA Open Certification WG is an industry initiative to allow global, accredited, trusted certification of cloud providers. It is a program for flexible, incremental and multi-layered cloud provider certification according to the CSA’s industry leading security guidance and control objectives. The program will integrate with popular third-party assessment and attestation statements developed within the public accounting community to avoid duplication of effort and cost.

Artifacts

Open Certification Framework Working Group Charter
Open Certification Framework Working Group Charter

The CSA Open Certification Framework (OCF) is an industry initiative to allow global, trusted independent evaluation of cloud providers. It i...

STAR Continuous Increasing Trust and Integrity Brochure
STAR Continuous Increasing Trust and Integrity Brochure
STAR Continuous Technical Guidance
STAR Continuous Technical Guidance
Requirements for Bodies Providing STAR Certification
Requirements for Bodies Providing STAR Certification

This document outlines how to conduct a STAR certification assessments to the Cloud Controls Matrix (CCM) as part of an ISO 27001 assessment.

Streamlining Vendor IT Security and Risk Assessments
Streamlining Vendor IT Security and Risk Assessments

A perspective on standards-based assurance of Cloud Providers.

Guidelines for CPAs Providing CSA STAR Attestation v2
Guidelines for CPAs Providing CSA STAR Attestation v2
CSA STAR Program & Open Certification Framework in 2016 and Beyond
CSA STAR Program & Open Certification Framework in 2016 and Beyond

The Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) program is the industry’s leading trust mark for cloud securi...

Guidelines for CPAs Providing CSA STAR Attestation
Guidelines for CPAs Providing CSA STAR Attestation
STAR Certification Guidance Document: Auditing the Cloud Controls Matrix (CCM)
STAR Certification Guidance Document: Auditing the Cloud Controls Matrix (CCM)

There are a number of control areas on the CCM that will each be awarded a management capability score on a scale of 1-15. This 2nd version r...

Publicizing Your STAR Certification
Publicizing Your STAR Certification

The following guidelines will help you to apply good practice in publicizing, communicating and promoting your certification to stakeholders,...

OCF Vision Statement
OCF Vision Statement

The CSA Open Certification Framework is a program for flexible, incremental and multi-layered cloud provider certification according to the C...

Open Peer Reviews

Artifact reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Leadership

Andrew Williams Headshot

Andrew Williams is the Director of Program Development at Coalfire. In this role, he is responsible for working closely with Coalfire customers, industry bodies and regulatory authorities, and inte...

 
Andrew Williams
 
Ryan Mackie Headshot

Ryan Mackie is a Principal at Schellman & Company, LLC. Ryan manages SOC, PCI-DSS, ISO, HIPAA, and Cloud Security Alliance (CSA) STAR Certification and Attestation service delivery and also ove...

 
Ryan Mackie
 
Ronald Tse Headshot

Ronald Tse is the Founder and CEO of Ribose, leading its strategic development and technology roadmap. He graduated from Brown University with bachelor's degrees magna cum laude in Computer Science...

 
Ronald Tse
 
Andreas Fuchsberger Headshot
Andreas Fuchsberger
John DiMaria Headshot
John DiMaria
Daniele Catteddu Headshot

Daniele Catteddu is an information security and risk management practitioner, technologies expert and privacy evangelist with over 15 of experience. He worked in several senior roles both in the pr...

 
Daniele Catteddu