cloudsecurityalliance.org /research/artifacts/
Research Publications | CSA
Active Web Watch
cloudsecurityalliance.org /research/artifacts/
Research Publications | CSA
Active Web Watch
CCM v4.0 Addendum - ECUC PP v2.1 This document is an addendum to the 'ECUC Position Paper v2.1 (ECUC PP v2.1) that contains controls mapping between the CSA CCM v4.0 and the ECUC PPv2.1. ... Request to download |
Map the Transaction Flows for Zero Trust The NSTAC Report to the President on Zero Trust defines five steps to implementing a Zero Trust security strategy. This publication provides guidance on e... Request to download |
AI Risk Management: Thinking Beyond Regulatory Boundaries While artificial intelligence (AI) offers tremendous benefits, it also introduces significant risks and challenges that remain unaddressed. A comprehensiv... Request to download |
Top Concerns With Vulnerability Data The top vulnerability management frameworks used today include the Common Vulnerabilities and Exposures (CVE) program and the Common Vulnerability Scoring... Request to download |
The State of Non-Human Identity Security Non-human identities (NHIs) include bots, API keys, service accounts, OAuth tokens, and secrets. These identities keep today’s organizations running smoot... Request to download |
The State of Multi-Cloud Identity Survey Enterprises encounter significant obstacles when adopting multi-cloud. Namely, harmonizing hybrid and cloud identity systems for secure integration. Ident... Request to download |
Zero Trust Guidance for Critical Infrastructure In most nations, the health of public services relies on secure and resilient Critical Infrastructure. We call these infrastructures "critical" because th... Request to download |
Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Japanese Translation This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... Request to download |
AI Organizational Responsibilities - Governance, Risk Management, Compliance and Cultural Aspects Continuing CSA's efforts to address the evolving AI landscape, this latest publication covers AI governance, risk management, and culture. Understand vari... Request to download |
NIST CSF v2 Cloud Community Profile - Based on CCM v4 The CSFv2.0 Cloud Community Profile aligns the Cloud Controls Matrix (CCM) version 4.0 with the Cybersecurity Framework (CSF) version 2.0 by mapping equiv... Request to download |
Confidential Computing Working Group Charter 2024 The working group is tasked with exploring and implementing Confidential Computing technologies to enhance data security across various industries. This g... Request to download |
CSA Large Language Model (LLM) Threats Taxonomy This document aims to align the industry by defining key terms related to Large Language Model (LLM) risks and threats. Establishing a common language red... Request to download |
AI in Medical Research: Applications & Considerations The advent of artificial intelligence (AI) has brought about a paradigm shift in numerous fields. AI technologies can process vast amounts of data, recogn... Request to download |
AI Organizational Responsibilities - Core Security Responsibilities - Korean Translation This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... Request to download |
AI Resilience: A Revolutionary Benchmarking Model for AI Safety - Japanese Translation This localized version of this publication was produced from the original source material through the efforts of chapters and volunteers but the translate... Request to download |
Don’t Panic! Getting Real About AI Governance The excitement around Generative AI and its potential business value continues to grow. A major factor is AI systems' emerging capability to mimic human-l... Request to download |
Data Privacy Engineering Working Group Charter 2024 The Data Privacy Engineering Working Group (DPE WG) is chartered with the mission to integrate privacy-centric methodologies into development workflows, a... Request to download |
Fully Homomorphic Encryption Working Group Charter 2024 Through the use and deployment of cryptographic libraries, specialist software toolchains, and dedicated hardware and infrastructure, Fully Homomorphic En... Request to download |
Securing LLM Backed Systems: Essential Authorization Practices Organizations are increasingly leveraging Large Language Models (LLMs) to tackle diverse business problems. Both existing companies and a crop of new star... Request to download |
Informative Reference Details for the Mapping of CCM v4 to NIST CSF v2 The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices for securing cloud... Request to download |
Cloud Controls Matrix and CAIQ v4 The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to the CSA best practices, that is considered the de-facto s... Request to download |
Quantum-Safe Security Governance with the Cloud Controls Matrix For the last decade or so there have been major developments in the quantum and post-quantum cryptography spaces. The time has come for enterprise IT depa... Request to download |
AI Model Risk Management Framework Sophisticated machine learning (ML) models present exciting opportunities in fields such as predictive maintenance and smart supply chain management. Whil... Request to download |
Security Guidance for Critical Areas of Focus in Cloud Computing v5 Cloud computing has firmly cemented its place as the foundation of the information security industry. The Cloud Security Alliance’s Security Guidance v5 i... Request to download |
Strengthening Research Integrity with High-Performance Computing (HPC) Security High-Performance Computing (HPC) systems aggregate computing resources to gain performance greater than that of a single workstation. HPC systems have bec... Request to download |