Announcements

STAR Enabled Solutions FAQ
Release Date: 2/1/23
Summary: A STAR Enabled Solution is a product or service that utilizes the CCM framework or the Consensus Assessment Initiative Questionnaire (CAIQ). Their technologies and tools have been assessed and found to meet the security requirements outlined by CSA. This vetting process allows enterprises to more easily deploy tools that align or comply with STAR, the CCM framework, and best practices.
Download this Resource → https://csaurl.org/1z3q00

Telesurgery Tabletop Guide Book
Release Date: 1/30/23
Summary: The purpose of this guidebook is to assist healthcare providers in planning and facilitating a discussion and evaluation of the procedural response actions to a security incident in which a Robotic Assisted Surgery (RAS) is targeted. This guidebook should accompany the CERT Attack Flows here in GitHub. Healthcare professionals should utilize this resource as a planning guide and checklist for each stage of exercise development. 
Download this Resource → https://csaurl.org/gedhma

CSA Data Lake Threat Modeling
Release Date: 1/26/23
Summary: As cloud platforms expand further and further into business uses, the need to understand the attack surface to your data becomes much more apparent. With the help from NTT Data and Marymount University, CSA has released for peer review our Data Lake threat modeling exercise spreadsheet. In this document, numerous elements of data lakes have been taken into consideration and have been applied a specific threat scenario. Each one of these scenarios has been applied to the STRIDE framework, as well as been provided countermeasures for possible corrections and controls. Lastly, you will be able to see the mapping of each threat scenario to its specific attack library framework. 
Download this Resource → https://csaurl.org/k15wcb

ACSP Training Course Outline | CSA
Release Date: 1/17/23
Summary: An outline of the topics covered and what you'll be building in the labs each day of the Advanced Cloud Security Practitioner (ACSP) Training. 
Download this Resource → https://csaurl.org/u4djra

Secure-by-default: Scaling your IaC Security Program
Date: 2/28/23
Time: 10:00 AM CST
Register Here → https://csaurl.org/s5m9e1

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
Open Until: 3/31/2023
Learn More → https://csaurl.org/2wstxx

How to Automate Security, Governance & Privacy for Cloud Data Innovation
Date: 1/31/23
Time: 10:00 AM CST
Register Here → https://csaurl.org/fdvob2

ACSP Training Course Outline | CSA
Release Date: 1/17/23
Summary: An outline of the topics covered and what you'll be building in the labs each day of the Advanced Cloud Security Practitioner (ACSP) Training. 
Download this Resource → https://csaurl.org/u4djra

CSA Data Lake Threat Modeling
Release Date: 1/26/23
Summary: As cloud platforms expand further and further into business uses, the need to understand the attack surface to your data becomes much more apparent. With the help from NTT Data and Marymount University, CSA has released for peer review our Data Lake threat modeling exercise spreadsheet. In this document, numerous elements of data lakes have been taken into consideration and have been applied a specific threat scenario. Each one of these scenarios has been applied to the STRIDE framework, as well as been provided countermeasures for possible corrections and controls. Lastly, you will be able to see the mapping of each threat scenario to its specific attack library framework. 
Download this Resource → https://csaurl.org/k15wcb

CSA CCM v4.0 Addendum - Spain National Security Framework (ENS)
Release Date: 12/8/22
Summary: This document is an addendum to the CCM V4.0 that contains controls mapping between the CSA CCM and Spain's National Security Framework (ENS). The document aims to help ENS compliant organizations meet CCM requirements. This is achieved by identifying compliance gaps in ENS in relation to the CCM. This document contains the following information:
• Controls Mapping
• Gap Analysis
• Gap Identification (i.e., Partial, Full or No Gap)
Download this Resource → https://csaurl.org/1pcz2v

The Six Pillars of DevSecOps - Pragmatic Implementation
Release Date: 12/14/22
Summary: This document provides a high-level overview of the various tools and processes that should be considered when building out a successful DevSecOps program. It takes a wide range of DevSecOps activities and turns them into a cookbook for teams to reference when considering different approaches. It also is broken down to allow a reader with a specific role to hone in on the sections relevant to their area of expertise and responsibility. Follow-up papers will take this high-level overview, and provide specific guidance for various use-cases, as well as recommendations on which order to focus on implementation to see the greatest returns for the reader’s context. 
Download this Resource → https://csaurl.org/ik6g8n

Deconstructing Application Connectivity Challenges in a Complex Cloud Environment
Release Date: 12/14/22
Summary: The production and use of SaaS applications in organizations has grown exponentially over the past several years. Application Security has become an integral part of many organizations' security strategies. However, there are still many pain points organizations face with application connectivity security and risk management.
Download this Resource → https://csaurl.org/6frk22

Using Zero Trust to Mitigate Ransomware Threats
Date: 1/17/23
Time: 10:00 AM CST
Register Here → https://csaurl.org/vxbu5w

Crawl, Walk, Run: Operationalizing IaC Security
Date: 1/18/23
Time: 11:00 AM CST
Register Here → https://csaurl.org/bafyx2

Prioritizing Risk Among the Chaos of Cloud Development
Date: 1/19/23
Time: 11:00 AM CST
Register Here → https://csaurl.org/ainjft

CSP Perspective Working with Financial Services
Date: 1/20/23
Time: 10:00 AM CST
Register Here → https://csaurl.org/914urn

Proposal for a Standard Cloud Service Agreement Template
Open Until: 1/15/2023
Learn More → https://csaurl.org/77n68j

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
Open Until: 3/31/2023
Learn More → https://csaurl.org/2wstxx

Panel: CISO’s Guide to Security Strategy During a Recession
Date: 1/9/23
Time: 12:00 PM CST
Register Here → https://csaurl.org/5topfv

Confidence in Software Supply Chains with Continuous Security
Date: 1/10/23
Time: 12:00 PM CST
Register Here → https://csaurl.org/liskze

Proposal for a Standard Cloud Service Agreement Template
Open Until: 1/15/2023
Learn More → https://csaurl.org/77n68j

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
Open Until: 3/31/2023
Learn More → https://csaurl.org/2wstxx

CSA CCM v4.0 Addendum - Spain National Security Framework (ENS)
Release Date: 12/8/22
Summary: This document is an addendum to the CCM V4.0 that contains controls mapping between the CSA CCM and Spain's National Security Framework (ENS). The document aims to help ENS compliant organizations meet CCM requirements. This is achieved by identifying compliance gaps in ENS in relation to the CCM. This document contains the following information:
• Controls Mapping
• Gap Analysis
• Gap Identification (i.e., Partial, Full or No Gap)
Download this Resource → https://csaurl.org/1pcz2v

The Six Pillars of DevSecOps - Pragmatic Implementation
Release Date: 12/14/22
Summary: This document provides a high-level overview of the various tools and processes that should be considered when building out a successful DevSecOps program. It takes a wide range of DevSecOps activities and turns them into a cookbook for teams to reference when considering different approaches. It also is broken down to allow a reader with a specific role to hone in on the sections relevant to their area of expertise and responsibility. Follow-up papers will take this high-level overview, and provide specific guidance for various use-cases, as well as recommendations on which order to focus on implementation to see the greatest returns for the reader’s context. 
Download this Resource → https://csaurl.org/ik6g8n

Deconstructing Application Connectivity Challenges in a Complex Cloud Environment
Release Date: 12/14/22
Summary: The production and use of SaaS applications in organizations has grown exponentially over the past several years. Application Security has become an integral part of many organizations' security strategies. However, there are still many pain points organizations face with application connectivity security and risk management.
Download this Resource → https://csaurl.org/6frk22

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Section 2: Organization Management
Open Until: 12/18/2022
Learn More → https://csaurl.org/2zbqqg

ATT&CK & D3FEND with a CAVEAT
Open Until: 12/23/2022
Learn More → https://csaurl.org/sgwvdq

NTT Threat Modeling
Open Until: 12/23/2022
Learn More → https://csaurl.org/0rnvw2

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
Open Until: 3/31/2023
Learn More → https://csaurl.org/2wstxx

Adobe CCF & FedRAMP Moderate: Building a Secure Compliant Environment
Date: 12/12/22
Time: 11:00 AM CST
Register Here → https://csaurl.org/txovqf

Continuously Monitoring First and Third Parties against the CCM Framework
Date: 12/13/22
Time: 12:00 PM CST
Register Here → https://csaurl.org/z3fvlf

Cloud Attacks Are Here: Threat Actors Like Containers Too!
Date: 12/14/22
Time: 12:00 PM CST
Register Here → https://csaurl.org/5e5zn3

Top Threats to Cloud Computing - Pandemic Eleven - Japanese Translation
Release Date: 11/16/22
Summary: The Top Threats reports have traditionally aimed to raise awareness of threats, risks, and vulnerabilities in the cloud. Such issues are often the result of the shared, on-demand nature of cloud computing. In this sixth installment, we surveyed 703 industry experts on security issues in the cloud industry. This year our respondents identified eleven salient threats, risks, and vulnerabilities in their cloud environments. The Top Threats Working Group used the survey results and its expertise to create the 2022 Top Cloud Threats report - the ‘Pandemic Eleven’. 
Download this Resource → https://csaurl.org/f6mo0a

Zero Trust as a Security Philosophy
Release Date: 11/14/22
Summary: This paper takes both a vendor-neutral and technology-solution-neutral look at what Zero Trust means for your organization and provides recommendations to develop a strategy and the supporting architecture that supports the organization and its workflows; aligning IT to business goals and outcomes.
Download this Resource → https://csaurl.org/x37jur

Telesurgery Tabletop Guide Book
Open Until: 12/16/2022
Learn More → https://csaurl.org/8ynvbi

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Section 2: Organization Management
Open Until: 12/18/2022
Learn More → https://csaurl.org/2zbqqg

ATT&CK & D3FEND with a CAVEAT
Open Until: 1/14/2023
Learn More → https://csaurl.org/sgwvdq

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
Open Until: 3/31/2023
Learn More → https://csaurl.org/2wstxx

Cloud Key Management Topic Selection Survey
Length: 15 questions, 2 minutes
Deadline: December 10
Participate Here → https://csaurl.org/z97j95

Ermetic - How Does Your Cloud Security Compare, and Where Do You Go From Here?
Date: 12/5/22
Time: 6:00 PM UTC
Register Here → https://csaurl.org/dr0crt

Microsoft - Achieving the Principle of Least Privilege Across Multicloud with CIEM!
Date: 12/6/22
Time: 10:00 AM CST
Register Here → https://csaurl.org/nemtcm

AppOmni - Is PHI Secure in SaaS Applications - And Their Ecosystems?
Date: 12/7/22
Time: 1:00 PM CST
Register Here → https://csaurl.org/adcdwe

Rubrik - A Fireside Chat: The Human Effects of Cybercrime
Date: 12/8/22
Time: 1:00 PM CST
Register Here → https://csaurl.org/29hfbr

Top Threats to Cloud Computing - Pandemic Eleven - Japanese Translation
Release Date: 11/16/22
Summary: The Top Threats reports have traditionally aimed to raise awareness of threats, risks, and vulnerabilities in the cloud. Such issues are often the result of the shared, on-demand nature of cloud computing. In this sixth installment, we surveyed 703 industry experts on security issues in the cloud industry. This year our respondents identified eleven salient threats, risks, and vulnerabilities in their cloud environments. The Top Threats Working Group used the survey results and its expertise to create the 2022 Top Cloud Threats report - the ‘Pandemic Eleven’. 
Download this Resource → https://csaurl.org/f6mo0a

Zero Trust as a Security Philosophy
Release Date: 11/14/22
Summary: This paper takes both a vendor-neutral and technology-solution-neutral look at what Zero Trust means for your organization and provides recommendations to develop a strategy and the supporting architecture that supports the organization and its workflows; aligning IT to business goals and outcomes.
Download this Resource → https://csaurl.org/x37jur

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
Open Until: 12/07/2022
Learn More → https://csaurl.org/r47b8i

Telesurgery Tabletop Guide Book
Open Until: 12/16/2022
Learn More → https://csaurl.org/8ynvbi

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Section 2: Organization Management
Open Until: 12/18/2022
Learn More → https://csaurl.org/2zbqqg

State of Financial Services 2022
Length: 31 questions, 10 minutes
Deadline: Nov 30
Participate Here → https://csaurl.org/dbmy7d

Cloud Key Management Topic Selection Survey
Length: 15 questions, 2 minutes
Deadline: December 10
Participate Here → https://csaurl.org/z97j95

CSA is excited to launch the Trusted Cloud Consultant (TCC) Program designed to connect enterprise organizations with qualified professional consulting services. The TCC Program allows cybersecurity consulting organizations and professionals to enhance cloud relevance by enabling them with a broad understanding of CSA’s tools and best practices. Trusted Cloud Consultants are qualified sources that are able to provide cloud security assessment and remediation services to enterprise organizations that need to improve their cloud security postures. 

Virtually all organizations use the cloud, yet 51% of enterprises use no vendors or tools to quantify risk. Cloud usage and cybersecurity cannot be ignored. The CSA TCC Program makes it easier for organizations to source and connect with recognized, trusted consultants that leverage CSA best practices. 

To learn more about becoming a Trusted Cloud Consultant or how to connect with one, email [email protected].

The Cloud Security Alliance is excited to release Key Features & Technologies of Software-Defined Perimeter, the third course in our online Zero Trust Training (ZTT) program.  This new course will provide learners with an in-depth look at the key features and technologies of SDP for securing today’s and tomorrow’s IT infrastructures—whether they are on-premises, in the cloud, a hybrid of the two, or a case with multiple cloud service providers. 

[Take the Course] 

Learners will be introduced to the principles of Least Privilege and Need to Know, policy-based authorization and access controls, and the similarities and differences between SDP and SDN.

This course is a great fit for users in any of the following roles:

• C-Suite (CEO, CTO, CISO, CIO)
• Managers and Decision Makers
• Cybersecurity Analysts
• Security Engineers and Architects
• Enterprise Architects
• Security Administrators
• Compliance Managers
• Systems Engineers
• Developers

The ZTT program covers eight areas of Zero Trust knowledge and will be rolled out in a series of six courses available on CSA’s Knowledge Center. To learn more about CSA’s Zero Trust Training program, download the ZTT overview and get started.  

Special offer for CSA Members! 

Through December 31, CSA corporate members receive 50% off the ZTT bundle on the Knowledge Center, which includes six online ZTT courses and one exam token. Fill out this form to claim 50% off the ZTT bundle or learn how you can create a custom ZTT package for your team that meets the unique needs of your organization. 

Take advantage of our biggest discount ever on the Certificate of Cloud Security Knowledge (CCSK), you must!

Help us celebrate Star Wars Day and mark your calendar for a massive savings opportunity on May 4th. The CCSK certificate is widely recognized as the standard of expertise for cloud security, providing a solid, foundational knowledge of how to secure data in the cloud. To ensure this valuable credential is widely accessible, we will be offering 54% off all CCSK online products:

• CCSK Exam Token (Only $181.70 after discount)
• CCSK Online Foundation Course Only (Only $227.70 after discount)
• CCSK Online Foundation Course + Exam Token Bundle (Only $365.70 after discount)

Start: Midnight (12 AM PT), Wednesday, 5/4/22
End: Midnight (12 AM PT), Thursday, 5/5/22

Our mission is to train cloud experts and help fill the skills gap in cloud security. Further your knowledge, increase your professional opportunities, and share this promotion with anyone who might benefit from it!

You’ll hear from us again Wednesday about how you can save 54% on these CCSK offerings.

Registration for SECtember 2022 is now open! Join us in Bellevue, WA on Sept. 26-30 to hear from featured leaders from government, cloud, cybersecurity, and Global 2000 enterprises. Our keynote speakers this year will include Jason Witty, Chief Security Officer, USAA, and returning guest Jen Easterly, Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Obtain the tools you need to manage cyber risk in modern enterprises by attending the first global event dedicated to the intersection of cloud and cybersecurity. Learn more and register here: https://csaurl.org/6e25gx

#SECtember #cloudsecurity #cybersecurityconference