CSA Research Publications
Whitepapers, Reports and Other Resources
Browse Publications
 | CAIQ Translation in 10 Languages Release Date: 05/07/2020 Cloud Security Alliance (CSA) in the context of an agreement with OneTrust has translated the Consensus Assessments Initiative Questionnaire (CAIQ) v3.0.1 in... Request to download |
 | Cloud Industrial Internet of Things (IIoT) - Industrial Control Systems Security Glossary Release Date: 05/05/2020 The Industrial Control Systems (ICS) Security Glossary is a reference document that brings together ICS and IT/OT related terms and definitions. Bringing t... Request to download |
 | Cloud Incident Response Framework – A Quick Guide Release Date: 04/21/2020 What this Quick Guide aims to do is to distill and give readers an overview of key contributions of the work currently undertaken in the CIR WG, towards a co... Request to download |
![Consensus Assessment Initiative Questionnaire (CAIQ) v3.1 [No Longer Accepted]](https://cloudsecurityalliance.org/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTc3MjEsInB1ciI6ImJsb2JfaWQifX0=--846e63ecb5438faa0471cb729b8fd20217573428/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJwbmciLCJyZXNpemVfdG9fbGltaXQiOlsyMjUsMzAwXX0sInB1ciI6InZhcmlhdGlvbiJ9fQ==--ed3d8b3503f8660626bf50138e90f4b6f3228621/CAIQ-No-Longer-Accepted.png) | Consensus Assessment Initiative Questionnaire (CAIQ) v3.1 [No Longer Accepted] Release Date: 04/01/2020 Cloud Security Alliance (CSA) would like to present the next version of the Consensus Assessments Initiative Questionnaire (CAIQ) v3.1. The CAIQ offers an i... Request to download |
 | Managing the Risk for Medical Devices Connected to the Cloud Release Date: 03/16/2020 With the increased number of Internet of Things devices, Healthcare Delivery Organizations are experiencing a digital transformation bigger than anything in ... Request to download |
 | PLA Code of Practice Template Annex 1 (Updated - March 2020) Release Date: 03/12/2020 CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU’s GDPR. The CSA PLA Code of Conduct f... Request to download |
 | Software-Defined Perimeter ARCHITECTURE GUIDE - Japanese Translation Release Date: 03/11/2020 Software Defined Perimeter (SDP) Architecture Guide is designed to leverage proven, standards-based components to stop network attacks against application in... Request to download |
 | Best Practices for Implementing a Secure Application Container Architecture - Japanese Translation Release Date: 02/27/2020 Application containers and a microservices architecture are being used to design, develop and deploy applications leveraging agile software development appro... Request to download |
 | Best Practices in Implementing a Secure Microservices Architecture Release Date: 02/24/2020 Application containers and a microservices architecture are being used to design, develop, and deploy applications leveraging agile software development appr... Request to download |
 | The Six Pillars of DevSecOps: Collective Responsibility Release Date: 02/21/2020 The DevSecOps Working Group identified and defined six focus areas critical to integrating DevSecOps into an organization, in accordance with the six pillars... Request to download |
 | Cloud Usage in the Financial Services Sector Release Date: 02/21/2020 This survey was created and completed by members of the the Financial Services Stakeholders Platform, a CSA working group whose main objective is to identify... Request to download |
| CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications Release Date: 01/29/2020 This document is an addendum to the CCM V3.0.1 and contains a controls mapping and gap analysis between the CSA CCM and CSA's research artifact "Cloud OS Sec... Request to download |
 | Critical Controls Implementation for SAP Release Date: 01/06/2020 The Critical Controls Implementation for SAP is the first in a series of implementation documents that the CSA ERP Security Working Group aims to develop. Th... Request to download |
 | Privacy Level Agreement Working Group Charter Release Date: 11/29/2019 The Cloud Security Alliance would like to invite you to review and comment on the updated Privacy Level Agreement Working Group Charter. The Privacy Level A... Request to download |
| CSA CCM v3.0.1 Addendum to the Reserve Bank of India (RBI)’s Gopala Krishna Committee (GKC) report Release Date: 11/27/2019 This document contains a mapping and gap analysis between the cloud security requirements of CCM V3.0.1 and those of the Reserve Bank of India (RBI)’s Gopala... Request to download |
| Beyond the General Data Protection Regulation (GDPR) Release Date: 11/19/2019 Data residency insights from around the world. This study reveals the top data protection concerns and strategies of more than 800 senior business profession... Request to download |
| Code of Conduct (CoC): Statement of Adherence 3rd Party Certification Release Date: 11/19/2019 CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU’s GDPR. The CSA PLA Code of Conduct f... Request to download |
| PLA Code of Conduct (CoC): Statement of Adherence Self-Assessment Release Date: 11/19/2019 CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU’s GDPR. The CSA PLA Code of Conduct f... Request to download |
| Guidance for submitting the CSA Code of Conduct (CoC) for GDPR Compliance Self-Assessment Release Date: 11/19/2019 The CSA CoC for GDPR Compliance Self-Assessment is the voluntary publication of a CSP’s self-assessment results based on the requirements specified in the PL... Request to download |
 | Guideline on Effectively Managing Security Service in the Cloud - Japanese Translation Release Date: 11/18/2019 This initiative aims to develop a research whitepaper, focusing on building up a cloud security services management platform. This whitepaper will serve as a... Request to download |