In the last 12 months, the Cloud Security Alliance (CSA) has made great strides in enhancing their CSA Security, Trust and Assurance Registry (STAR) Program.
In brief, the STAR Program is a publicly available registry designed to recognize assurance requirements and maturity levels of cloud service providers (CSPs).
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
CSA STAR Certification Overview
1.
2. What is the
CSA STAR Program?
Publicly available registry designed to
recognize assurance requirements and
maturity levels of cloud service providers
4. The CSA STAR
Certification Assessment
1. CSP must have an active ISO 27001
certification or performed in tandem
with an ISO 27001 assessment
2. Must be performed by an accredited
CSA certification body
5. The Evaluation
Maturity against 5 management principles:
1. Communication and Stakeholder Engagement
2. Policies,Plans and Procedures, and a SystematicApproach
3. Skills and Expertise
4. Ownership, Leadership, and Management
5. Monitoring and Measuring
6. 1. Maturity level for each CCM security
domain is rated 1 to 15
2. Then averaged and results in an
overall maturity score
The Evaluation
7. CSP can achieve either no award, a bronze
award, a silver award, or a gold award.
Once an award is issued the CSP can
register with the CSA STAR Registry.
The Results & Registration
8. 1. External communication of an active
security program
2. Further reassurance of an established
maturely level within CCM security
domains
3. Identify further opportunities to
increase overall maturity level
Benefits
9. 1. ISO 27001 Certificate is mandatory or
must be in tandem
2. Focus is on the management principles
and maturity not CCM controls
3. Formal control testing is not required
4. Deliverable is only a certificate
5. Subjective maturity score
Drawbacks