This technology-neutral certification leverages the requirements of the ISO/IEC 27001:2013 management system standard together with the CSA Cloud Controls Matrix.
The Cloud Security Alliance (CSA) is a nonprofit organization. It defines best practices in the establishment, maintenance and use of cloud services. The assessments are based on the following components:
- Cloud Controls Matrix (CCM): It is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology to help cloud customers assess the overall security risk of a CSP.
- Consensus Assessments Initiative Questionnaire (CAIQ): a set of more than 300 questions based on the CCM that a customer or cloud auditor may want to ask of CSPs to assess their compliance with CSA best practices.
The registry can be accessed at https://cloudsecurityalliance.org/star/registry/
Level 1 is a self-assessment. Level 2 STAR certification can be achieved through a third-party audit. Level 2 of STAR allows organizations to build on other industry certifications and standards to make them specific to the cloud. Organizations looking for a third-party audit can choose from one or more of the security and privacy audits and certifications. An organization’s location, along with the regulations and standards it is subject to, will be the greatest factor in determining which ones are appropriate to pursue.
Organizations should pursue this level if they:
- Operate in a medium to high risk environment,
- Already hold or adhere to the following: ISO27001, SOC 2, GB/T 22080-2008, or GDPR, and
- Are looking for a cost-effective way to increase assurance for cloud security and privacy as well as gain a competitive advantage in the market.
Cloud Security Alliance: A Roadmap to Certification Webinar
Neelov Kar, Lead Auditor, presents the details of CSA certification in an interactive format. Neelov has extensive experience in auditing information security worldwide and a strong understanding of Cloud Security. Neelov was interviewed by Sandeep Pauddar, DQS Inc. IT Sector Manager, about CSA STAR certification and how to chart a road map for certification.