CSAIChaptersEventsBlog
Help shape industry research on deployment challenges, coverage gaps, and program effectiveness. Take the survey by July 16 →

CSA STAR Registry

Security, Trust, Assurance, and Risk Registry

Listings for Aranis

Listings for Aranis

Aranis is a SaaS platform for Third-Party Risk Management (TPRM) and Cyber Risk that centralizes third-party risk management for organizations across Latin America and the United States. The platform unifies multiple compliance and security frameworks — including NIST CSF, LGPD, GDPR, ISO 22301, SOC 2, and NIST AI RMF — into a single control catalog, enabling organizations to assess vendors, monitor their external attack surface, and generate consolidated maturity and risk reports. Unlike generic GRC tools, Aranis builds a causal chain between technical control and business impact, translating security findings into executive-level language. The product includes automated evidence collection, contradiction detection between questionnaire responses and observable technical data (DNS, TLS, DMARC), and maturity scoring by domain (Cyber, Privacy, Continuity, AI). Built on cloud-native infrastructure, Aranis applies security controls aligned with SOC 2 and LGPD/GDPR by design, with formalized policies, continuous vulnerability management (SAST/SCA), and environment segregation.

Aranis

Aranis is a SaaS platform for Third-Party Risk Management (TPRM) and Cyber Risk that centralizes third-party risk management for organizations across Latin A...

Listed Since: 2026-07-07

CAIQ
Offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services. It provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the CSA Cloud Controls Matrix (CCM).