This group has been merged with the CCM Working Group. Lack of security control transparency is a leading inhibitor to the adoption of cloud services. The CSA Consensus Assessments (CAIQ) working ...

This working group aims to develop Zero Trust standards to achieve consistency for cloud, hybrid and mobile endpoint environments. The topic of group discourse include Zero Trust benefits, ...

This group aims to benefit all parties in the Software-as-a-Service (SaaS) ecosystem by supporting a common understanding of SaaS related risks from the perspectives of the cloud customer and cloud ...

Cloud computing offers tremendous benefits in agility, resiliency, economy, and security. However, the security benefits only appear if you adopt cloud-native models and adjust your architectures and ...

Along with releasing updated versions of the CCM and CAIQ, this working group provides addendums, control mappings and gap analysis between the CCM and other research releases, industry standards, and ...

The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. It is composed of 197 control objectives that are structured in 17 domains covering all key aspects of ...

Written by Troy Leach, Chief Strategy Officer (CSO), CSA. We require a modern approach to accurately assess our use of current technology. This month marks 25 years since I managed my first ...

Please download and import the following iCalendar (.ics) files to your calendar system.

CSA EMEA Congress 2019 TBD June 3, 2019 Download presentations CSA Colorado Chapter Forum 2019 TBD June 3, 2019 Download presentations CSA Summit at (ISC)² Security Congress 2019 TBD June 3, 2019 ...

In Chapter 1 of this series about considerations when building cloud-native applications, we introduced various topics such as business requirements, infrastructure considerations, automation, ...

This group aims to provide organizations with an up-to-date, expert-informed understanding of cloud security risks, threats and vulnerabilities in order to make educated risk-management decisions ...

An IEEE standard for local and metropolitan area networks–Port-Based Network Access Control. IEEE 802 LANs are deployed in networks that convey or provide access to critical data, that support mission ...