CSA STAR Certification Overview

•

1 like•659 views

In the last 12 months, the Cloud Security Alliance (CSA) has made great strides in enhancing their CSA Security, Trust and Assurance Registry (STAR) Program. In brief, the STAR Program is a publicly available registry designed to recognize assurance requirements and maturity levels of cloud service providers (CSPs).

Technology

What is the
CSA STAR Program?
Publicly available registry designed to
recognize assurance requirements and
maturity levels of cloud service providers

CSA STAR
Certification
Third party independent assessment of
the security of a CSP that leverages the
requirements of the ISO 27001

The CSA STAR
Certification Assessment
1. CSP must have an active ISO 27001
certification or performed in tandem
with an ISO 27001 assessment
2. Must be performed by an accredited
CSA certification body

The Evaluation
Maturity against 5 management principles:
1. Communication and Stakeholder Engagement
2. Policies,Plans and Procedures, and a SystematicApproach
3. Skills and Expertise
4. Ownership, Leadership, and Management
5. Monitoring and Measuring

1. Maturity level for each CCM security
domain is rated 1 to 15
2. Then averaged and results in an
overall maturity score
The Evaluation

CSP can achieve either no award, a bronze
award, a silver award, or a gold award.
Once an award is issued the CSP can
register with the CSA STAR Registry.
The Results & Registration

1. External communication of an active
security program
2. Further reassurance of an established
maturely level within CCM security
domains
3. Identify further opportunities to
increase overall maturity level
Benefits

1. ISO 27001 Certificate is mandatory or
must be in tandem
2. Focus is on the management principles
and maturity not CCM controls
3. Formal control testing is not required
4. Deliverable is only a certificate
5. Subjective maturity score
Drawbacks

More from Schellman & Company

Privacy is a growing concern in today’s compliance environment. Existing and new requirements continue to push for organizations to properly address their privacy risk. As a cloud provider, there is no better way to help ensure that an organization is serious about their customers and their customers’ data than to include the control requirements from ISO 27018 into their compliance stack.

Privacy in the Cloud- Introduction to ISO 27018

Schellman & Company

With all of the acronyms and numbers, it is challenging to determine what is what in the world of cyber security and compliance. In the government space, the National Institute of Standards (NIST) has been the key body for identifying and determining standards related to protecting critical infrastructure and government data. Participants will walk away more conversant in the alphabet soup of NIST requirements and how they apply to these various programs. This presentation: • Provides a deep dive in the the similarities and differences between standards such as NIST 800-53, 800-171, and frameworks such as the cybersecurity framework • How these standards and frameworks apply to FedRAMP, CJIS, and very specific programs covering data like the Death Master File (DMF)

Demystifying the Cyber NISTs

Schellman & Company

Determining Scope for PCI DSS Compliance

Schellman & Company

A new transatlantic data transfer framework is changing the way U.S. companies handle, transfer and store data from EU citizens. Now, American companies face stronger obligations to protect this data, and if your company handles or wants to handle personal data from the EU, it will have to prove it meets the requirements of Privacy Shield. If the idea of understanding and complying with Privacy Shield seems overwhelming, or you just want to learn more about it, we’re here to help. In this deck we cover: • How Privacy Shield differs from Safe Harbor • The 2 options you have to prove you’re compliant • The principles of Privacy Shield, and more

Privacy shield: What You Need To Know About Storing EU Data

Schellman & Company

Everything You Need To Know About SOC 1

Schellman & Company

FedRAMP is the federal government's risk and security assessment program for cloud-based services as part of the cloud-first initiative, and is designed to make the assessment process more efficient by providing a "do once, use many times" framework. If you work with or want to work with federal agencies, your organization will need to be FedRAMP compliant. On this webinar, you will: • Learn the background and overview of the FedRAMP program • Take a deep dive of the assessment process • Discover the benefits and challenges companies experience during the assessment process

Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...

Schellman & Company

Security risks associated with payment applications have never been greater or more publicized. The Payment Application Data Security Standard (PA-DSS) and application penetration testing under the broader PCI DSS requirement 11.3 both aim to address application threat vectors, albeit through different tools and mechanisms. In this presentation, we will cover: • An overview of PA-DSS and application penetration testing • The shared elements and compare and contrast some of the more detailed differences • The requirements, where they apply, and how they play a role in securing payment applications

PA-DSS and Application Penetration Testing

Schellman & Company

Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity, increase efficiency and better manage medical expenses. The HITRUST Common Security Framework: A way to protect electronic health information. The HITRUST Common Security Framework (CSF) was developed to address the myriad of security, privacy and regulatory challenges facing healthcare organizations and their sub-service providers. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the CSF assists organizations address these challenges through a comprehensive framework of prescriptive and scalable security control. Topics covered in clude: • A background and overview of the CSF program • Understanding and leveraging the CSF • Standards and regulations mapping • Implementing the CSF • Third party certification • The benefits and challenges

Get Ready Now for HITRUST 2017

Schellman & Company

ISO/IEC 27001:2013 (ISO 27001) is the internationally recognized standard that outlines the requirements for constructing a risk-based framework to initiate, implement, maintain, and manage information security within an organization. This slidehow will cover: • Background and Overview • Provide an overview of the ISMS • Review the ISMS implementation considerations • Provide the ISMS transition considerations • Discuss the Annex A Mapping • Provide timing and expectations

STAND OUT: Why You Should Become ISO 27001 Certified

Schellman & Company

ISO 27017 /27018 is the first international code of practice that focuses on protection of personal data in the cloud. It is based on ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to public cloud Personally Identifiable Information (PII). Discover: • Background of ISO 27017 and 27018 • Scope and Purpose • Comparison with ISO 27001 and 27002 • Future of ISO 27017 with ISO 27018 • Challenges and Benefits • Certification Process and Next Steps

Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018

Schellman & Company

SOC 2 and You

Schellman & Company

Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity, increase efficiency and better manage medical expenses. The HITRUST Common Security Framework (CSF) was developed to address the myriad of security, privacy and regulatory challenges facing healthcare organizations and their sub-service providers. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the CSF assists organizations address these challenges through a comprehensive framework of prescriptive and scalable security control.

Hitrust: Navigating to 2017, Your Map to HITRUST Certification

Schellman & Company

The SOC 2 examination's popularity has dramatically increased since its inception. This is due to growing concerns regarding information security have heightened scrutiny of organization’s control infrastructure and driven the demand for attestation reports. Join BrightLine Principal, Debbie Zaller and Senior Manager, Doug Kanney during this free webinar - and learn how a SOC 2 examination can help your organization. Become familiar with the SOC 2's report objectives, learn about its structure and areas to focus, and benefit from some valuable lessons we've learned from extensive experience. This session will provide you with a: • Overview of the SOC 2 background • Definition of the AICPA Framework • Overview of the purpose and scope • Discussion of the common challenges and benefits • Requirements of the examination process • Discussion of the alignment with other standards

SOC 2: Build Trust and Confidence

Schellman & Company

To compete in today's marketplace, your customers must have trust and confidence in your environment. The popularity of the SOC 1 report has been amplified with an increase in outsourcing relationships and customer mandates for a stronger control environment. * Review of the background and history * Definition of the AICPA Framework * Overview of the purpose and scope * Discussion of boundaries and benefits * Requirements of the examination process * Outline the anatomy of the report

SOC 1 Overview

Schellman & Company

12 Steps to Preparing for a QAR

Schellman & Company

EPCS Overview

Schellman & Company

PCI DSS 3.0 Overview and Key Updates

Schellman & Company

10 Steps Toward FedRAMP Compliance

Schellman & Company

Your've Been Hacked in Florida! Now What?

Schellman & Company

More from Schellman & Company (19)

Privacy in the Cloud- Introduction to ISO 27018

Demystifying the Cyber NISTs

Determining Scope for PCI DSS Compliance

Privacy shield: What You Need To Know About Storing EU Data

Everything You Need To Know About SOC 1

Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...

PA-DSS and Application Penetration Testing

Get Ready Now for HITRUST 2017

STAND OUT: Why You Should Become ISO 27001 Certified

Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018

SOC 2 and You

Hitrust: Navigating to 2017, Your Map to HITRUST Certification

SOC 2: Build Trust and Confidence

SOC 1 Overview

12 Steps to Preparing for a QAR

EPCS Overview

PCI DSS 3.0 Overview and Key Updates

10 Steps Toward FedRAMP Compliance

Your've Been Hacked in Florida! Now What?

Recently uploaded

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

Understanding the FAA Part 107 License ..

Christopher Logan Kennedy

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Recently uploaded (20)

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

CNIC Information System with Pakdata Cf In Pakistan

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Artificial Intelligence Chap.5 : Uncertainty

Apidays New York 2024 - The value of a flexible API Management solution for O...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Strategies for Landing an Oracle DBA Job as a Fresher

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Understanding the FAA Part 107 License ..

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

CSA STAR Certification Overview

2. What is the CSA STAR Program? Publicly available registry designed to recognize assurance requirements and maturity levels of cloud service providers

3. CSA STAR Certification Third party independent assessment of the security of a CSP that leverages the requirements of the ISO 27001

4. The CSA STAR Certification Assessment 1. CSP must have an active ISO 27001 certification or performed in tandem with an ISO 27001 assessment 2. Must be performed by an accredited CSA certification body

5. The Evaluation Maturity against 5 management principles: 1. Communication and Stakeholder Engagement 2. Policies,Plans and Procedures, and a SystematicApproach 3. Skills and Expertise 4. Ownership, Leadership, and Management 5. Monitoring and Measuring

6. 1. Maturity level for each CCM security domain is rated 1 to 15 2. Then averaged and results in an overall maturity score The Evaluation

7. CSP can achieve either no award, a bronze award, a silver award, or a gold award. Once an award is issued the CSP can register with the CSA STAR Registry. The Results & Registration

8. 1. External communication of an active security program 2. Further reassurance of an established maturely level within CCM security domains 3. Identify further opportunities to increase overall maturity level Benefits

9. 1. ISO 27001 Certificate is mandatory or must be in tandem 2. Focus is on the management principles and maturity not CCM controls 3. Formal control testing is not required 4. Deliverable is only a certificate 5. Subjective maturity score Drawbacks

10. Learn More About CSA STAR >

CSA STAR Certification Overview

Recommended

Recommended

More Related Content

More from Schellman & Company

More from Schellman & Company (19)

Recently uploaded

Recently uploaded (20)

CSA STAR Certification Overview