Announcements

SaaS Security and Threats Survey

Length: 28 questions, 9 minutes

Deadline: March 19

Participate Here → https://csaurl.org/6ysco7

Game of Threats

Open Until: 3/16/2023

Learn More → https://csaurl.org/wd35k0

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline

Open Until: 3/31/2023

Learn More → https://csaurl.org/2wstxx

High Performance Computing Tabletop Guide

Open Until: 4/7/23

Learn More → https://csaurl.org/w3njwj

CCPA - CSA Code of Conduct Gap Resolution

Open Until: 4/10/23

Learn More → https://csaurl.org/bikb1z

Annex 10 to the CSA Code of Conduct for GDPR Compliance

Open Until: 4/10/23

Learn More → https://csaurl.org/lsxk19

CCMV4-Lite

Open Until: 5/15/23

Learn More → https://csaurl.org/5vrprp

Data Loss Prevention and Data Security Survey Report

Release Date: 3/14/23

Summary: As the traditional perimeter is reduced or eliminated with the move to remote and hybrid work, and as Zero Trust strategies gain popularity, data security in cloud computing has had to adapt and improve. Data loss prevention (DLP) solutions are often an integral part of these new data security strategies, but organizations are still struggling with the implementation of these solutions, especially for how complicated legacy DLP solutions are to manage and maintain.

Netskope commissioned CSA to develop this survey report to better understand the industry’s knowledge, attitudes, and opinions regarding DLP security in cloud-first technology environments. The survey was conducted in October and November of 2022 and received 2,673 responses from IT and security professionals. Topics covered in the survey included DLP strategies, Zero Trust and DLP, DLP pain points and challenges, and DLP strategies with remote workers.

Download this Resource → https://csaurl.org/p5188j

Internet of Things (IoT) Working Group Charter 2023

Release Date: 3/12/23

Summary: This charter lays out the scope, responsibilities, and roadmap for the Internet of Things Working Group. The Cloud Security Alliance Internet of Things (IoT) Working Group plans to publish reports and best practices that aid enterprise organizations in understanding and mitigating threats to IoT systems’ confidentiality, integrity, availability, and safety. These reports and best practices are practical to provide actionable guidance for security practitioners to secure their networks. 

Download this Resource → https://csaurl.org/wvuj0w

Quantum-Safe Security Working Group Charter 2023

Release Date: 3/10/23

Summary: The focus of the Quantum‐Safe Security Working Group is on cryptographic methods that will remain safe after the widespread availability of the quantum computer. This working group will be a forum for corporations, organizations, and individuals who are interested in the topic of quantum‐safe security. The goal in forming this working group is to educate, increase awareness, and spark discussions on projects and issues regarding securing communications for which current encryption methods will not be safe anymore when, in the near future, quantum computers are available. The working group will also be open to welcoming external/outside collaborations with like-minded 3rd parties for joint development of research artifacts and standards.

Download this Resource → https://csaurl.org/fntn50

Health Information Management Working Group Charter 2023

Release Date: 3/7/23

Summary: The Health Information Management Working Group aims to directly influence how health information service providers deliver secure cloud solutions (services, transport, applications, and storage) to their clients and foster cloud awareness within all aspects of healthcare and related industries.

Download this Resource → https://csaurl.org/q8i6ne

Hidden Cloud Security Challenges Are a Barrier to Zero Trust

Date: 3/21/23

Time: 1:00 PM CDT

Register Here → https://csaurl.org/3ubq6o

Health Information Management Working Group Charter 2023

Release Date: 3/7/23

Summary: The Health Information Management Working Group aims to directly influence how health information service providers deliver secure cloud solutions (services, transport, applications, and storage) to their clients and foster cloud awareness within all aspects of healthcare and related industries.

Download this Resource → https://csaurl.org/q8i6ne

SaaS Security and Threats Survey

Length: 28 questions, 9 minutes

Deadline: March 19

Participate Here → https://csaurl.org/6ysco7

Game of Threats

Open Until: 3/16/2023

Learn More → https://csaurl.org/wd35k0

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline

Open Until: 3/31/2023

Learn More → https://csaurl.org/2wstxx

High Performance Computing Tabletop Guide

Open Until: 5/8/23

Learn More → https://csaurl.org/w3njwj

Cloud Data Controls - From Compensation to Mitigation

Date: 3/14/23

Time: 12:00 PM CDT

Register Here → https://csaurl.org/nu6zgc

3 Key Pillars to Securing Your Hybrid Environment

Date: 3/15/23

Time: 12:00 PM CDT

Register Here → https://csaurl.org/egubtj

Education for Cloud Security and DevSecOps

Date: 3/16/23

Time: 5:00 AM CDT

Register Here → https://csaurl.org/udzmu1

Dig Deeper! Prioritize Cloud Vulnerabilities and Reduce Container Spending

Date: 3/16/23

Time: 12:00 PM CDT

Register Here → https://csaurl.org/2nfjol

Medical Devices in A Zero Trust Architecture

Open Until: 3/9/2023

Learn More → https://csaurl.org/j0l94a

An Agile Data Doctrine for a Secure Data Lake

Open Until: 3/12/2023

Learn More → https://csaurl.org/1fcyf0

Game of Threats

Open Until: 3/16/2023

Learn More → https://csaurl.org/wd35k0

SaaS Security and Threats Survey

Open Until: 3/19/2023

Learn More → https://csaurl.org/azh9jz

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline

Open Until: 3/31/2023

Learn More → https://csaurl.org/2wstxx

External Cyber Defense for When Your Attack Surface is Everywhere

Date: 3/9/23

Time: 1:00 PM CST

Register Here → https://csaurl.org/5ubi7v

STAR Enabled Solutions FAQ
Release Date: 2/1/23
Summary: A STAR Enabled Solution is a product or service that utilizes the CCM framework or the Consensus Assessment Initiative Questionnaire (CAIQ). Their technologies and tools have been assessed and found to meet the security requirements outlined by CSA. This vetting process allows enterprises to more easily deploy tools that align or comply with STAR, the CCM framework, and best practices.
Download this Resource → https://csaurl.org/1z3q00

Telesurgery Tabletop Guide Book
Release Date: 1/30/23
Summary: The purpose of this guidebook is to assist healthcare providers in planning and facilitating a discussion and evaluation of the procedural response actions to a security incident in which a Robotic Assisted Surgery (RAS) is targeted. This guidebook should accompany the CERT Attack Flows here in GitHub. Healthcare professionals should utilize this resource as a planning guide and checklist for each stage of exercise development. 
Download this Resource → https://csaurl.org/gedhma

CSA Data Lake Threat Modeling
Release Date: 1/26/23
Summary: As cloud platforms expand further and further into business uses, the need to understand the attack surface to your data becomes much more apparent. With the help from NTT Data and Marymount University, CSA has released for peer review our Data Lake threat modeling exercise spreadsheet. In this document, numerous elements of data lakes have been taken into consideration and have been applied a specific threat scenario. Each one of these scenarios has been applied to the STRIDE framework, as well as been provided countermeasures for possible corrections and controls. Lastly, you will be able to see the mapping of each threat scenario to its specific attack library framework. 
Download this Resource → https://csaurl.org/k15wcb

ACSP Training Course Outline | CSA
Release Date: 1/17/23
Summary: An outline of the topics covered and what you'll be building in the labs each day of the Advanced Cloud Security Practitioner (ACSP) Training. 
Download this Resource → https://csaurl.org/u4djra

Secure-by-default: Scaling your IaC Security Program
Date: 2/28/23
Time: 10:00 AM CST
Register Here → https://csaurl.org/s5m9e1

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
Open Until: 3/31/2023
Learn More → https://csaurl.org/2wstxx

How to Automate Security, Governance & Privacy for Cloud Data Innovation
Date: 1/31/23
Time: 10:00 AM CST
Register Here → https://csaurl.org/fdvob2

ACSP Training Course Outline | CSA
Release Date: 1/17/23
Summary: An outline of the topics covered and what you'll be building in the labs each day of the Advanced Cloud Security Practitioner (ACSP) Training. 
Download this Resource → https://csaurl.org/u4djra

CSA Data Lake Threat Modeling
Release Date: 1/26/23
Summary: As cloud platforms expand further and further into business uses, the need to understand the attack surface to your data becomes much more apparent. With the help from NTT Data and Marymount University, CSA has released for peer review our Data Lake threat modeling exercise spreadsheet. In this document, numerous elements of data lakes have been taken into consideration and have been applied a specific threat scenario. Each one of these scenarios has been applied to the STRIDE framework, as well as been provided countermeasures for possible corrections and controls. Lastly, you will be able to see the mapping of each threat scenario to its specific attack library framework. 
Download this Resource → https://csaurl.org/k15wcb

CSA CCM v4.0 Addendum - Spain National Security Framework (ENS)
Release Date: 12/8/22
Summary: This document is an addendum to the CCM V4.0 that contains controls mapping between the CSA CCM and Spain's National Security Framework (ENS). The document aims to help ENS compliant organizations meet CCM requirements. This is achieved by identifying compliance gaps in ENS in relation to the CCM. This document contains the following information:
• Controls Mapping
• Gap Analysis
• Gap Identification (i.e., Partial, Full or No Gap)
Download this Resource → https://csaurl.org/1pcz2v

The Six Pillars of DevSecOps - Pragmatic Implementation
Release Date: 12/14/22
Summary: This document provides a high-level overview of the various tools and processes that should be considered when building out a successful DevSecOps program. It takes a wide range of DevSecOps activities and turns them into a cookbook for teams to reference when considering different approaches. It also is broken down to allow a reader with a specific role to hone in on the sections relevant to their area of expertise and responsibility. Follow-up papers will take this high-level overview, and provide specific guidance for various use-cases, as well as recommendations on which order to focus on implementation to see the greatest returns for the reader’s context. 
Download this Resource → https://csaurl.org/ik6g8n

Deconstructing Application Connectivity Challenges in a Complex Cloud Environment
Release Date: 12/14/22
Summary: The production and use of SaaS applications in organizations has grown exponentially over the past several years. Application Security has become an integral part of many organizations' security strategies. However, there are still many pain points organizations face with application connectivity security and risk management.
Download this Resource → https://csaurl.org/6frk22

Using Zero Trust to Mitigate Ransomware Threats
Date: 1/17/23
Time: 10:00 AM CST
Register Here → https://csaurl.org/vxbu5w

Crawl, Walk, Run: Operationalizing IaC Security
Date: 1/18/23
Time: 11:00 AM CST
Register Here → https://csaurl.org/bafyx2

Prioritizing Risk Among the Chaos of Cloud Development
Date: 1/19/23
Time: 11:00 AM CST
Register Here → https://csaurl.org/ainjft

CSP Perspective Working with Financial Services
Date: 1/20/23
Time: 10:00 AM CST
Register Here → https://csaurl.org/914urn

Proposal for a Standard Cloud Service Agreement Template
Open Until: 1/15/2023
Learn More → https://csaurl.org/77n68j

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
Open Until: 3/31/2023
Learn More → https://csaurl.org/2wstxx

Panel: CISO’s Guide to Security Strategy During a Recession
Date: 1/9/23
Time: 12:00 PM CST
Register Here → https://csaurl.org/5topfv

Confidence in Software Supply Chains with Continuous Security
Date: 1/10/23
Time: 12:00 PM CST
Register Here → https://csaurl.org/liskze

Proposal for a Standard Cloud Service Agreement Template
Open Until: 1/15/2023
Learn More → https://csaurl.org/77n68j

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
Open Until: 3/31/2023
Learn More → https://csaurl.org/2wstxx

CSA CCM v4.0 Addendum - Spain National Security Framework (ENS)
Release Date: 12/8/22
Summary: This document is an addendum to the CCM V4.0 that contains controls mapping between the CSA CCM and Spain's National Security Framework (ENS). The document aims to help ENS compliant organizations meet CCM requirements. This is achieved by identifying compliance gaps in ENS in relation to the CCM. This document contains the following information:
• Controls Mapping
• Gap Analysis
• Gap Identification (i.e., Partial, Full or No Gap)
Download this Resource → https://csaurl.org/1pcz2v

The Six Pillars of DevSecOps - Pragmatic Implementation
Release Date: 12/14/22
Summary: This document provides a high-level overview of the various tools and processes that should be considered when building out a successful DevSecOps program. It takes a wide range of DevSecOps activities and turns them into a cookbook for teams to reference when considering different approaches. It also is broken down to allow a reader with a specific role to hone in on the sections relevant to their area of expertise and responsibility. Follow-up papers will take this high-level overview, and provide specific guidance for various use-cases, as well as recommendations on which order to focus on implementation to see the greatest returns for the reader’s context. 
Download this Resource → https://csaurl.org/ik6g8n

Deconstructing Application Connectivity Challenges in a Complex Cloud Environment
Release Date: 12/14/22
Summary: The production and use of SaaS applications in organizations has grown exponentially over the past several years. Application Security has become an integral part of many organizations' security strategies. However, there are still many pain points organizations face with application connectivity security and risk management.
Download this Resource → https://csaurl.org/6frk22

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Section 2: Organization Management
Open Until: 12/18/2022
Learn More → https://csaurl.org/2zbqqg

ATT&CK & D3FEND with a CAVEAT
Open Until: 12/23/2022
Learn More → https://csaurl.org/sgwvdq

NTT Threat Modeling
Open Until: 12/23/2022
Learn More → https://csaurl.org/0rnvw2

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
Open Until: 3/31/2023
Learn More → https://csaurl.org/2wstxx

Adobe CCF & FedRAMP Moderate: Building a Secure Compliant Environment
Date: 12/12/22
Time: 11:00 AM CST
Register Here → https://csaurl.org/txovqf

Continuously Monitoring First and Third Parties against the CCM Framework
Date: 12/13/22
Time: 12:00 PM CST
Register Here → https://csaurl.org/z3fvlf

Cloud Attacks Are Here: Threat Actors Like Containers Too!
Date: 12/14/22
Time: 12:00 PM CST
Register Here → https://csaurl.org/5e5zn3

Top Threats to Cloud Computing - Pandemic Eleven - Japanese Translation
Release Date: 11/16/22
Summary: The Top Threats reports have traditionally aimed to raise awareness of threats, risks, and vulnerabilities in the cloud. Such issues are often the result of the shared, on-demand nature of cloud computing. In this sixth installment, we surveyed 703 industry experts on security issues in the cloud industry. This year our respondents identified eleven salient threats, risks, and vulnerabilities in their cloud environments. The Top Threats Working Group used the survey results and its expertise to create the 2022 Top Cloud Threats report - the ‘Pandemic Eleven’. 
Download this Resource → https://csaurl.org/f6mo0a

Zero Trust as a Security Philosophy
Release Date: 11/14/22
Summary: This paper takes both a vendor-neutral and technology-solution-neutral look at what Zero Trust means for your organization and provides recommendations to develop a strategy and the supporting architecture that supports the organization and its workflows; aligning IT to business goals and outcomes.
Download this Resource → https://csaurl.org/x37jur

Telesurgery Tabletop Guide Book
Open Until: 12/16/2022
Learn More → https://csaurl.org/8ynvbi

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Section 2: Organization Management
Open Until: 12/18/2022
Learn More → https://csaurl.org/2zbqqg

ATT&CK & D3FEND with a CAVEAT
Open Until: 1/14/2023
Learn More → https://csaurl.org/sgwvdq

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
Open Until: 3/31/2023
Learn More → https://csaurl.org/2wstxx

Cloud Key Management Topic Selection Survey
Length: 15 questions, 2 minutes
Deadline: December 10
Participate Here → https://csaurl.org/z97j95

Ermetic - How Does Your Cloud Security Compare, and Where Do You Go From Here?
Date: 12/5/22
Time: 6:00 PM UTC
Register Here → https://csaurl.org/dr0crt

Microsoft - Achieving the Principle of Least Privilege Across Multicloud with CIEM!
Date: 12/6/22
Time: 10:00 AM CST
Register Here → https://csaurl.org/nemtcm

AppOmni - Is PHI Secure in SaaS Applications - And Their Ecosystems?
Date: 12/7/22
Time: 1:00 PM CST
Register Here → https://csaurl.org/adcdwe

Rubrik - A Fireside Chat: The Human Effects of Cybercrime
Date: 12/8/22
Time: 1:00 PM CST
Register Here → https://csaurl.org/29hfbr

Top Threats to Cloud Computing - Pandemic Eleven - Japanese Translation
Release Date: 11/16/22
Summary: The Top Threats reports have traditionally aimed to raise awareness of threats, risks, and vulnerabilities in the cloud. Such issues are often the result of the shared, on-demand nature of cloud computing. In this sixth installment, we surveyed 703 industry experts on security issues in the cloud industry. This year our respondents identified eleven salient threats, risks, and vulnerabilities in their cloud environments. The Top Threats Working Group used the survey results and its expertise to create the 2022 Top Cloud Threats report - the ‘Pandemic Eleven’. 
Download this Resource → https://csaurl.org/f6mo0a

Zero Trust as a Security Philosophy
Release Date: 11/14/22
Summary: This paper takes both a vendor-neutral and technology-solution-neutral look at what Zero Trust means for your organization and provides recommendations to develop a strategy and the supporting architecture that supports the organization and its workflows; aligning IT to business goals and outcomes.
Download this Resource → https://csaurl.org/x37jur

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
Open Until: 12/07/2022
Learn More → https://csaurl.org/r47b8i

Telesurgery Tabletop Guide Book
Open Until: 12/16/2022
Learn More → https://csaurl.org/8ynvbi

Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Section 2: Organization Management
Open Until: 12/18/2022
Learn More → https://csaurl.org/2zbqqg

State of Financial Services 2022
Length: 31 questions, 10 minutes
Deadline: Nov 30
Participate Here → https://csaurl.org/dbmy7d

Cloud Key Management Topic Selection Survey
Length: 15 questions, 2 minutes
Deadline: December 10
Participate Here → https://csaurl.org/z97j95

CSA is excited to launch the Trusted Cloud Consultant (TCC) Program designed to connect enterprise organizations with qualified professional consulting services. The TCC Program allows cybersecurity consulting organizations and professionals to enhance cloud relevance by enabling them with a broad understanding of CSA’s tools and best practices. Trusted Cloud Consultants are qualified sources that are able to provide cloud security assessment and remediation services to enterprise organizations that need to improve their cloud security postures. 

Virtually all organizations use the cloud, yet 51% of enterprises use no vendors or tools to quantify risk. Cloud usage and cybersecurity cannot be ignored. The CSA TCC Program makes it easier for organizations to source and connect with recognized, trusted consultants that leverage CSA best practices. 

To learn more about becoming a Trusted Cloud Consultant or how to connect with one, email [email protected].

The Cloud Security Alliance is excited to release Key Features & Technologies of Software-Defined Perimeter, the third course in our online Zero Trust Training (ZTT) program.  This new course will provide learners with an in-depth look at the key features and technologies of SDP for securing today’s and tomorrow’s IT infrastructures—whether they are on-premises, in the cloud, a hybrid of the two, or a case with multiple cloud service providers. 

[Take the Course] 

Learners will be introduced to the principles of Least Privilege and Need to Know, policy-based authorization and access controls, and the similarities and differences between SDP and SDN.

This course is a great fit for users in any of the following roles:

• C-Suite (CEO, CTO, CISO, CIO)
• Managers and Decision Makers
• Cybersecurity Analysts
• Security Engineers and Architects
• Enterprise Architects
• Security Administrators
• Compliance Managers
• Systems Engineers
• Developers

The ZTT program covers eight areas of Zero Trust knowledge and will be rolled out in a series of six courses available on CSA’s Knowledge Center. To learn more about CSA’s Zero Trust Training program, download the ZTT overview and get started.  

Special offer for CSA Members! 

Through December 31, CSA corporate members receive 50% off the ZTT bundle on the Knowledge Center, which includes six online ZTT courses and one exam token. Fill out this form to claim 50% off the ZTT bundle or learn how you can create a custom ZTT package for your team that meets the unique needs of your organization.