Circle
Events
Blog

Working Group

Security Guidance

The advancement toward secure cloud computing requires active participation from a broad set of globally-distributed stakeholders.
Sign-Up View Current Projects
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
Security Guidance for Critical Areas of Focus in Cloud Computing v4.0

Download

Working Group Overview
The advancement toward secure cloud computing requires active participation from a broad set of globally-distributed stakeholders. CSA brings together this diverse community of industry partnerships, international chapters, working groups, and individuals to create the Cloud Security Guidance.


CSA Security Guidance v5 in development
The CSA Security Guidance v4 has become a fundamental source for best practices in the cloud. We plan on updating this core research to integrate the latest best practices in cloud and aligning with version 4 of the CCM and CAIQ. This document is a proposal to restructure the fifth version of Guidance with details around each option. 


Drafts & Important Docs

Working Group Leadership

Rich Mogull Headshot
Rich Mogull

Rich Mogull

Rich is the VP of Product for DisruptOPS and Analyst and CEO of Securosis. With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremost experts on cloud security, having driven development of the Cloud Security Alliance’s V4 Guidance and the associated CCSK training curriculum. He is a prolific writer and featured speaker at the security industry’s largest events, including RSA...

Read more

Publications in ReviewOpen Until
The Six Pillars of DevSecOps - Pragmatic ImplementationOct 10, 2022
Security Guidance for Critical Areas of Focus in Cloud Computing v5 - OutlineDec 07, 2022
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

The Six Pillars of DevSecOps - Pragmatic Implementation

Open Until: 10/10/2022

This document provides a high-level overview of the various tools and processes that should be considered when building out...

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline

Open Until: 12/07/2022

The proposed outline for the Cloud Security Alliance Security Guidance for Critical Areas of Focus in Cloud Computing v5 is...