ChaptersEventsBlog
Get Free Early Access to TAISE Module 3! Sample the Certificate Experience Today!

Working Group

SaaS Security Capability Framework (SSCF)

The SaaS Security Capability Framework (SSCF) addresses the critical need for an industry standard that defines the minimum technical security capabilities SaaS applications should provide, particularly those that fall within the customer's scope under the Shared Security Responsibility Model (SSRM).
SaaS Security Capability Framework (SSCF)
Currently, the lack of such a standard has led to major inconsistencies in the security features offered by SaaS vendors, resulting in significant operational challenges, increased costs, and heightened security risks. The SSCF focuses on customer-facing controls such as logging, access monitoring, and configuration of security settings that can be directly managed or utilized by customers to meet their security obligations. As many SaaS platforms do not offer sufficient configurability to align with an organization’s risk appetite or requirements, the SSCF aims to bridge this gap by outlining a clear set of technical security capabilities that should be embedded in SaaS offerings.

Working Group Leadership

Jonathan Villa
Jonathan Villa

Jonathan Villa

Romke de Haan
Romke de Haan

Romke de Haan

Guidepoint Security

Boris Sieklik
Boris Sieklik

Boris Sieklik

MongoDB

Publications in ReviewOpen Until
Key Management in Cloud Services 2025 Update Sep 26, 2025
Applying Zero Trust Principles with Network-Infrastructure Hiding Protocol - Stealth Mode Software Defined Perimeter for Network InfrastructureOct 16, 2025
Enabling Zero Trust for Cellular Networks - Guidance for Securing Mobile NetworksOct 16, 2025
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

Key Management in Cloud Services 2025 Update

Open Until: 09/26/2025

This document is an updated edition of the original “Key Management in Cloud Services” paper, first published in 2020. ...

Applying Zero Trust Principles with Network-Infrastructure Hiding Protocol - Stealth Mode Software Defined Perimeter for Network Infrastructure

Open Until: 10/16/2025

Our core TCP/IP networking systems and protocols have been with us since the 1970s, and have in many ways served us well. T...

Enabling Zero Trust for Cellular Networks - Guidance for Securing Mobile Networks

Open Until: 10/16/2025

The rapid evolution of cellular network technologies, particularly the rollout of 5G, Open Radio Access Network (ORAN), and...