miércoles, 12 de septiembre de 2012

Open Certification Framework

The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.
The CSA Open Certification Framework is a program for flexible, incremental and multi-layered cloud provider certification according to the Cloud Security Alliance’s industry leading security guidance and control objectives.
The program will integrate with popular third-party assessment and attestation statements developed within the public accounting community to avoid duplication of effort and cost.
The CSA Open Certification Framework is based upon the control objectives and continuous monitoring structure as defined within the CSA GRC (Governance, Risk and Compliance) Stack research projects.
The CSA Open Certification Framework will support several tiers, recognizing the varying assurance requirements and maturity levels of providers and consumers. These will range from the CSA Security, Trust and Assurance Registry (STAR) self-assessment to high-assurance specifications that are continuously monitored.

The CSA Open Certification Framework provides:
  • A path for any region to address compliance concerns with trusted, global best practices. For example, we expect governments to be heavy adopters of the CSA Open Certification Framework to layer their own unique requirements on top of the GRC Stack and provide agile certification of public sector cloud usage.
  • An explicit guidance for providers on how to use GRC Stack tools for multiple certification efforts. For example, scoping documentation will articulate the means by which a provider may follow an ISO/IEC 27001 certification path that incorporates the CSA Cloud Controls Matrix (CCM).
  • A "recognition scheme" that would allow us to support ISO, AICPA and potentially others that incorporate CSA IP inside of their certifications/framework. CSA supports certify-once, use-often, where possible.
CSA wants to harmonize and simplifying provider certifications, not complicate them.

Document Version Release Date Download
OCF Vision Statement 1 08/17/2012 Download (docx)


Link relacionado: 
- BSI se asocia con la Cloud Security Alliance

No hay comentarios: