Browse Resources
![]() | Code of Practice for Implementing STAR Level 2 This Code of Practice shows how you can apply the CCM control set in your organization to reach STAR Level 2 third party certification/attestation and als... Request to download |
![]() | STAR Level 1: Security Questionnaire (CAIQ v4) The STAR Level 1: Security Questionnaire (CAIQ v4) offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services,... Request to download |
![]() | STAR Enabled Solution | CSA - OneTrust VRM Tool The CSA-OneTrust Vendor Risk Management (VRM) tool automates the entire vendor management lifecycle, including onboarding and offboarding vendors, triaging v... Request to download |
![]() | CSA STAR Level 3 Focus Group Charter The CSA STAR Level 3 Focus Group will advise on the scope, objectives, structure, go-to-market (GTM) strategy and value proposition for STAR Level 3. Thi... Request to download |
![]() | CSA STAR Certification Intake Form The CSA STAR Certification is a rigorous third party independent assessment of the security of a cloud service provider. The technology-neutral certification... Request to download |
![]() | Value of STAR Level 1 for Cloud Customers - Letter Template Use this letter template to help explain why your organization decided to use STAR Level 1 to minimize multiple customer questionnaires and increase trans... Request to download |
![]() | PLA Code of Conduct (CoC): Statement of Adherence Self-Assessment CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU’s GDPR. The CSA PLA Code of Conduct f... Request to download |
![]() | Guidance for submitting the CSA Code of Conduct (CoC) for GDPR Compliance Self-Assessment The CSA CoC for GDPR Compliance Self-Assessment is the voluntary publication of a CSP’s self-assessment results based on the requirements specified in the PL... Request to download |
![]() | Transition to CAIQ v3.1 This is a CSA Global Technical Notification with regard to the release of the new version of the Consensus Assessments Initiative Questionnaire (CAIQ) v3.1. ... Request to download |
![]() | Cloud Controls Matrix v3.0.1 The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations... Request to download |
![]() | CCM and CAIQ v3 (Japanese Translations) This localized version of this publication was produced from the original source material (CCM, CAIQ) through the efforts of chapters and volunteers but t... Request to download |
![]() | STAR Provider Verification Template If you don’t already see your provider listed on the STAR registry submit a request to have them verified. Download this letter template and send it to your ... Request to download |
![]() | STAR Overview PDF The CSA STAR Program is a publicly accessible registry designed to recognize the varying assurance requirements and maturity levels of providers and consumer... Request to download |
![]() | Publicizing Your STAR Certification The following guidelines will help you to apply good practice in publicizing, communicating and promoting your certification to stakeholders, including staff... Request to download |