Membership
Become a Member
Enterprises
Solution Providers
Current Members
Solution Providers
Affiliates
Assurance
STAR Program
STAR Levels
View Registry
Submit to Registry
Provide Feedback
GDPR Code of Conduct for STAR
STAR Resources
CAIQ
Cloud Controls Matrix
GDPR Code of Conduct
CAIQ-Lite
CSA-OneTrust VRM Tool
GDPR
Download the Code of Conduct
Submit Code of Conduct to the Registry
Resource Center
Global Consultancy
Become a Consulting Partner
Find a Consulting Service
Certificates & Training
Certificates
CCSK
CCAK
Trainings
CCAK (Coming Soon)
CCSK Lectures
CCSK Lectures + Labs
Advanced Cloud Security Practitioner
Register for Training
For Individuals
For Enterprises
Instructors
Become an Instructor
Training Partners
Become a Training Partner
Webinars
Cloudbytes
Research
GDPR
Events
Americas
APAC
EMEA
Research
What We Do
Research Working Groups
CSA Research Lifecycle
Research Publications
Security Guidance v4
Cloud Controls Matrix (CCM)
IoT Framework
Contribute
Open Peer Reviews
Surveys
Volunteer FAQ
Ron Knode Award
Working Groups
Internet of Things
DevSecOps
Software Defined Perimeter
Blockchain
Cloud Controls Matrix
EMEA Projects
APAC Projects
Community
About Circle
Create an Account
Login to Circle
How To Get Started
Blog
Events
Americas
APAC
EMEA
Chapters
Global Chapters
Form a Chapter
About
About CSA
Board
History
CSA Staff
CSA EMEA
Press Releases
News Coverage

CSA Security Trust
Assurance and
Risk (STAR)

Security on the Cloud Verified.

View the Registry
STAR Home
STAR Levels
Registry
Submit To Registry
STAR Tools
CAIQ
Cloud Controls Matrix
GDPR Code of Conduct
CAIQ-Lite
CSA-OneTrust VRM Tool
Verify a Provider
Resources
STAR Auditors
Contact Us
Home
STAR

Cloud Service Providers

STAR enables solution providers to validate their cloud security and offer proof to current and future customers of the controls in place.

Learn More
 

Cloud Customers

STAR lets cloud customers assess which organizations meet the level of assurance they require and gain insight into the controls in place to protect their data.

Learn More
 

Auditors & Consultants

With STAR auditors can grow IT assurance business as a certified leader in cloud-specific security assurance.

Learn More
Approved assessment firms

About the STAR Program

The industry's most powerful program for security assurance in the cloud.

The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.

The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.

STAR Foundation Tools

Security

Cloud Controls Matrix

The only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations, CCM is currently considered a de-facto standard for cloud security assurance and compliance.

 

CAIQ

CAIQ is a set of Yes/No questions for cloud consumers and auditors to assess the security capabilities of a cloud service provider. Cloud providers fill this in to complete the STAR Level 1 Self-Assessment.

 

Privacy

GDPR Code of Conduct

Contains all the necessary requirements a Cloud Service Provider has to satisfy in order to comply with the EU GDPR. Created in collaboration with representatives from the EU national data protection authorities, this code assists organizations in adhering to the European General Data Protection Regulation.

 

Industry Support

Coalfire and Coalfire ISO, the accredited certification body arm of Coalfire, began offering STAR™ attestation and certification services as part of its product catalog in response to increasing customer requests. As part of feedback reviews, Coalfire determined that many of our clients were seeking guidance pertaining to assurance programs that would address compliance in the cloud. While other baseline security standards can be vague when addressing shared responsibilities between the cloud provider and cloud user, the Cloud Controls Matrix (CCM) understands that relationship and enforces design requirements for both parties before rating the degree of conformity for any given objective.

David Forman
Senior Director, Coalfire

The STAR program is the absolute benchmark on cloud provider security -- covering a full range of aspects together in a leveled scale, allowing cloud providers to differentiate on their cloud security in a transparent manner. Ultimately, transparency at the cloud provider communicates the risks faced by the cloud user to the cloud user, which in turn enables the cloud user to prioritize resources in fulfilling their own requirements and responsibilities. The STAR program effectively facilitates a better relationship between cloud providers and cloud users: this is a unique aspect that cannot be replicated by other cloud security schemes.

Ronald Tse
Founder and CEO, Ribose Inc.

CSA STAR Certification is an assurance framework, enabling cloud service providers to embed cloud-specific security controls. The maturity model brings a continual focus on addressing the changing risk of this technology, which aligns with BSIs commitment to helping clients make excellence a habit. Our work with the CSA helps us drive the cloud security agenda and ensure STAR Certification remains aligned with the fast-moving industry developments.

Willibert Fabritius
Global Product Champion, Information Security, Business Continuity, BSI Group