Demonstrate cloud security assurance with the Cloud Security Alliance STAR program.
The Cloud Security Alliance (CSA) Security, Trust, Assurance and Risk (STAR) program is a cloud-specific assurance framework. It is built on the Cloud Controls Matrix (CCM) and offers multiple levels of certification, from self-assessment to third-party audit, for cloud service providers.
CSA STAR is purpose-built for cloud service providers and is recognized globally as a mark of cloud security maturity.

Who needs CSA STAR?

Cloud service providers

SaaS, PaaS, and IaaS providers demonstrating security and transparency to customers.

Cloud customers

Organizations evaluating the security posture of their cloud vendors via the STAR Registry.

Key components

Cloud Controls Matrix

A cybersecurity control framework with domains covering all key cloud security areas.

STAR Level 1

Self-assessment based on the CCM and CAIQ, published to the public STAR Registry.

STAR Level 2

Third-party certification or attestation combined with ISO 27001 or SOC 2.

CAIQ

The Consensus Assessments Initiative Questionnaire for documenting CCM compliance.

How DSALTA helps with CSA STAR

1. Activate CSA STAR

Select CSA STAR from the Frameworks page. DSALTA maps Cloud Controls Matrix domains to controls.

2. Complete the CAIQ

Answer the Consensus Assessments Initiative Questionnaire with DSALTA’s guidance.

3. Collect evidence automatically

Connect cloud integrations to gather evidence for CCM controls.

4. Approve policies

Review and approve policies mapped to CCM domains.

5. Submit to the STAR Registry

Prepare your self-assessment or third-party attestation for the public registry.

Frequently asked questions

The CCM is CSA’s cybersecurity control framework for cloud computing, with control domains mapped to many other standards and regulations.
Yes. STAR Level 2 is often pursued alongside ISO 27001 or SOC 2, reusing much of the same evidence.