CSA Security Trust Assurance and Risk (STAR)

Security on the Cloud Verified.


Cloud Service Providers

STAR enables solution providers to validate their cloud security and offer proof to current and future customers of the controls in place.


Cloud Customers

STAR lets cloud customers assess which organizations meet the level of assurance they require and gain insight into the controls in place to protect their data.


Auditors & Consultants

With STAR, auditors can grow their IT assurance business as certified leaders in cloud-specific security assurance.

About the STAR Program

The industry's most powerful program for security assurance in the cloud.

The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies that use STAR indicate best practices and validate the security posture of their cloud offerings.

The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.

STAR Foundation Tools


Cloud Controls Matrix

CCM is the only meta-framework of cloud-specific security controls mapped to leading standards, best practices and regulations. It is currently considered a de facto standard for cloud security assurance and compliance.



CAIQ is a set of Yes/No questions for cloud consumers and auditors to assess the security capabilities of a cloud service provider. Cloud providers fill this in to complete the STAR Level 1 Self-Assessment.



GDPR Code of Conduct

Contains all the necessary requirements a Cloud Service Provider has to satisfy in order to comply with the EU GDPR. Created in collaboration with representatives from the EU national data protection authorities, this code assists organizations in adhering to the European General Data Protection Regulation.


Industry Support