The CSA Open Certification Framework is an industry initiative to
allow global, accredited, trusted certification of cloud providers.
The CSA Open Certification Framework is a program for flexible,
incremental and multi-layered cloud provider certification according to
the Cloud Security Alliance’s industry leading security guidance and
control objectives.
The program will integrate with popular third-party assessment
and attestation statements developed within the public accounting
community to avoid duplication of effort and cost.
The CSA Open Certification Framework is based upon the control
objectives and continuous monitoring structure as defined within the CSA
GRC (Governance, Risk and Compliance) Stack research projects.
The CSA Open Certification Framework will support several
tiers, recognizing the varying assurance requirements and maturity
levels of providers and consumers. These will range from the CSA
Security, Trust and Assurance Registry (STAR) self-assessment to
high-assurance specifications that are continuously monitored.
The CSA Open Certification Framework provides:
- A path for any region to address compliance concerns with trusted, global best practices. For example, we expect governments to be heavy adopters of the CSA Open Certification Framework to layer their own unique requirements on top of the GRC Stack and provide agile certification of public sector cloud usage.
- An explicit guidance for providers on how to use GRC Stack tools for multiple certification efforts. For example, scoping documentation will articulate the means by which a provider may follow an ISO/IEC 27001 certification path that incorporates the CSA Cloud Controls Matrix (CCM).
- A "recognition scheme" that would allow us to support ISO, AICPA and potentially others that incorporate CSA IP inside of their certifications/framework. CSA supports certify-once, use-often, where possible.
Document | Version | Release Date | Download |
---|---|---|---|
OCF Vision Statement | 1 | 08/17/2012 | Download (docx) |
cloudsecurityalliance.org
Link relacionado:
- BSI se asocia con la Cloud Security Alliance
No hay comentarios:
Publicar un comentario