Blog Partner Programs Academy Contact us
Products
Compute Instances Managed Kubernetes DBaaS Object Storage Block Storage GPU Servers
All products
Marketplace
Pricing
Resources
Documentation API Integration Support
Changelog
Register
Products Compute Instances Managed Kubernetes DBaaS Object Storage Block Storage GPU Servers
All products
Marketplace
Pricing
Resources Documentation API Integration Support
What's new
CSA STAR

Cloud Security Alliance - Security, Trust, Assurance, and Risk (STAR)

Best practices for providing security assurance within cloud computing.
Access compliance center

What is the Cloud Security Alliance and the STAR program?

The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to “promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.”


The CSA’s mission is to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The CSA is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.


The CSA Cloud Controls Matrix (CCM) is a tool that provides a set of security controls and activities to help cloud computing service providers and their customers understand the security requirements and controls, and their relationships to each other. The Cloud Security Alliance have developed a self-assessment tool which is called the Consensus Assessments Initiative Questionnaire (CAIQ). The CAIQ can be used to conduct a self-assessment against the CCM. The CAIQ will generate a report which is a detailed description of the cloud vendor’s security controls and how these controls are applied.

FAQ

Who can use the Cloud Control Matrix?

The CCM can be used by cloud vendors and cloud customers.

Cloud vendors can use the CCM as a framework for building their own security control framework and it can be used as a starting point for their own security risk assessments.

A cloud vendor can demonstrate their maturity and ability to apply the CCM by self-assessing their security controls against the CCM and then providing this self-assessment to their customers.

Download additional compliance reports from the Exoscale compliance center.

Exoscale

Contact our Compliance Team

A doubt? Unsure if we comply to a specific regulation not listed here?

Contact our Compliance Team and let us know your requirements. It may be covered by other certifications or regulations we comply to.