Cloud Security Alliance Launches STAR Continuous, a Compliance Assessment Program for Cloud Service Providers

Chance to align security validation capabilities with cloud security
compliance gives enterprises a competitive edge

SAN FRANCISCO–(BUSINESS WIRE)–lt;a href=”” target=”_blank”gt;#assurancelt;/agt;–RSA CONFERENCE 2019 – The Cloud
Security Alliance
(CSA), the world’s leading organization dedicated
to defining and raising awareness of best practices to help ensure a
secure cloud computing environment, today announced STAR
Continuous Self Assessment
, the first release of an evolving
continuous-compliance assessment program for cloud services that gives
cloud service providers (CSPs) the opportunity to align their security
validation capabilities with cloud security compliance and certification
on an ongoing basis.

CSA STAR Continuous is an integral part of the CSA
STAR program
, the industry’s leading cloud governance and compliance
program that enables organizations to increase their levels of assurance
and transparency for security and privacy. STAR consists of three levels
of assurance (Self-Assessment, Third-Party Certification and Continuous
Auditing), based upon the
CSA Cloud Controls Matrix
(CCM), the Consensus
Assessments Initiative Questionnaire
(CAIQ), and the CSA
Code of Conduct for GDPR Compliance
. Future releases will be Level 2
Extended Certification with Continuous Self-Assessment and Level 3
Continuous Certification.

“In attempting to reduce the complexity and costs of traditional IT,
more organizations are evaluating cloud options first before making any
new IT investments. However, many CIOs remain apprehensive about
transferring services into the cloud—cyber security, ownership of data,
and privacy are key concerns. Simultaneously, security controls,
compliance, and the call for increased transparency are rapidly becoming
baseline expectations of users – especially enterprise customers. STAR
Continuous, which offers increased reliability of results, transparency
and ease of use of the CSP’s assurance reports will give enterprises a
competitive advantage in today’s environment,” said Daniele Catteddu,
CTO, Cloud Security Alliance.

Among its benefits, STAR Continuous gives CSPs the opportunity to:

  • update a STAR Self-Assessment on a monthly basis (STAR Continuous
  • support a third-party based certification (e.g. STAR Certification)
    with additional and updated information on the CSP security posture
    (STAR Certification/Attestation + STAR Continuous Self- Assessment);
  • establish a process to continuously audit a CSP security program or
    ISMS and offer proof of an ISMS that goes beyond the basic compliance
    certification model and for proof that there is a process in place
    that continually monitors critical aspects of the system (STAR
    Continuous Auditing).

In addition, it can help cloud service providers:

  • provide top management with greater visibility so they can evaluate
    the effectiveness of their management system in real-time in relation
    to expectations of internal, regulatory and the cloud security
    industry standards;
  • implement an audit that is designed to reflect how their
    organization’s objectives are aimed at optimizing the cloud services;
  • demonstrate progress and performance levels that go beyond the
    traditional “point in time” scenario; and
  • provide their customers with a greater understanding of the level of
    controls that are in place, along with their effectiveness.

CSA is committed to helping customers have a deeper understanding of
their security postures and to that end developed the CSA STAR Program
in 2011. Since that time, the organization has continued to invest
heavily in its success. Among the milestones:

  • CSA STAR Attestation, which combines the CSA’s best practices with SOC
    2 attestation reporting developed by the American Institute of CPAs
  • Governments and enterprises around the world referenced CSA STAR in
    2014 as a requirement for their RFPs.
  • CSA, in conjunction with Chinese certification body CEPREI, developed
    a version of CSA STAR for the Chinese market based on the CSA CCM and
    Chinese national standard GB/T 22080.
  • Enhancements to the CSA STAR web page to provide site visitors with an
    improved user experience.
  • Hiring of John DiMaria, formerly of the British Standards Institution
    (BSI). DiMaria was a key innovator and co-author of the CSA STAR
    Certification for cloud providers, in addition to designing and
    developing the CSA STAR webinars. Prior to joining CSA, DiMaria was an
    active volunteer where he was co-chair of the Open Certification
    Framework (OCF) and Cloud Trust Protocol (CTP) Working Groups.

To learn more or get started, download STAR
Continuous Technical Guidance

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization
dedicated to defining and raising awareness of best practices to help
ensure a secure cloud computing environment. CSA harnesses the subject
matter expertise of industry practitioners, associations, governments,
and its corporate and individual members to offer cloud
security-specific research, education, certification, events and
products. CSA’s activities, knowledge and extensive network benefit the
entire community impacted by cloud — from providers and customers, to
governments, entrepreneurs and the assurance industry — and
provide a forum through which diverse parties can work together to
create and maintain a trusted cloud ecosystem. For further information,
visit us at,
and follow us on Twitter @cloudsa.


Kari Walker for the CSA
ZAG Communications

error: Content is protected !!