Cloud Controls Matrix

The Cloud Security Alliance (CSA), in collaboration with MongoDB, GuidePoint Security, and the SaaS Working Group, is inviting cloud organizations and security experts to participate in an open peer review of the SaaS Security Controls Final Draft. 

This initiative aims to address inconsistencies in security capabilities across SaaS vendors by defining key configurable technical security features that should be supported. The peer review will assess the controls' practicality, completeness, and industry applicability, ensuring they are both robust and widely adoptable.  

Important dates:
Pre-review call: February 25th
Open Peer Review start date: March 5th

The call on Feb 25th serves as a pre-review session, providing industry experts with a detailed walkthrough of the project's scope, objectives, Final Draft of SaaS controls, and development approach. The goal is to align participants on the intent and structure of the controls, equipping them with the necessary context to provide meaningful feedback during the review process.

If you'd like to be added to the attendee list for the pre-review walkthrough call, please reach out to me and I will send you the invite to the call. Stay tuned for additional details on the peer review announcement.

The peer review of the Final Draft starts on March 5th, , the controls will be made available for review and will be accessible from CSA's website (https://cloudsecurityalliance.org/research/contribute#peer-reviews). 

------------------------------
[Lefteris] [Skoutaris]
[Cloud Controls Matrix, Program Manager]
[Cloud Security Alliance]
------------------------------

Kindly add me to the pre-review walkthrough call

------------------------------
Sonia Mishra
Sr. Security GRC Risk Specialist
Cloudflare Inc
------------------------------

Original Message:
Sent: Feb 19, 2025 01:44:03 AM
From: Lefteris Skoutaris
Subject: SaaS Technical Controls Development: Pre-Review Walkthrough & Open Peer Review

The Cloud Security Alliance (CSA), in collaboration with MongoDB, GuidePoint Security, and the SaaS Working Group, is inviting cloud organizations and security experts to participate in an open peer review of the SaaS Security Controls Final Draft. 

This initiative aims to address inconsistencies in security capabilities across SaaS vendors by defining key configurable technical security features that should be supported. The peer review will assess the controls' practicality, completeness, and industry applicability, ensuring they are both robust and widely adoptable.  

Important dates:
Pre-review call: February 25th
Open Peer Review start date: March 5th

The call on Feb 25th serves as a pre-review session, providing industry experts with a detailed walkthrough of the project's scope, objectives, Final Draft of SaaS controls, and development approach. The goal is to align participants on the intent and structure of the controls, equipping them with the necessary context to provide meaningful feedback during the review process.

If you'd like to be added to the attendee list for the pre-review walkthrough call, please reach out to me and I will send you the invite to the call. Stay tuned for additional details on the peer review announcement.

The peer review of the Final Draft starts on March 5th, , the controls will be made available for review and will be accessible from CSA's website (https://cloudsecurityalliance.org/research/contribute#peer-reviews). 

------------------------------
[Lefteris] [Skoutaris]
[Cloud Controls Matrix, Program Manager]
[Cloud Security Alliance]
------------------------------