CSA STAR PROGRAMS

STAR Program is a publicly available registry designed to recognize assurance requirements and maturity levels of cloud service providers (CSPs). Prior to issuing the guidance for STAR Certification and STAR Attestation, a CSP could only perform a self-assessment, which meant completing the Consensus Assessments Initiative questionnaire (CAIQ) and making the responses publicly available on the CSA Register.

TALK WITH A SPECIALIST RESOURCES

OUR CSA STAR CERTIFICATION SPECIALIST

RYAN MACKIE

CSA STAR SUBJECT MATTER EXPERT

“The CSA produced the CCM as a comprehensive control set that includes the baseline of necessary controls, as well as best practices, for CSPs in today’s ever-changing information environment. CSPs have traditionally pointed to the CCM as an authoritative source. However, now organizations have the opportunity to undergo third party assessments through the STAR Certification or STAR Attestation programs. The program will now help validate maturity level or control activities, respectively, to the CCM and provide an additional assessment to the overall compliance program.”
OUR CSA STAR ATTESTATION SPECIALIST

DEBBIE ZALLER

PRINCIPAL AND CSA STAR SUBJECT MATTER EXPERT

“The CSA produced the CCM as a comprehensive control set that includes the baseline of necessary controls, as well as best practices, for CSPs in today’s ever-changing information environment. CSPs have traditionally pointed to the CCM as an authoritative source. However, now organizations have the opportunity to undergo third party assessments through the STAR Certification or STAR Attestation programs. The program will now help validate maturity level or control activities, respectively, to the CCM and provide an additional assessment to the overall compliance program.”

CSA STAR CERTIFICATION

The CSA STAR Certification is a third party independent assessment of the security of a CSP that leverages the requirements of the ISO/IEC 27001:2013 (ISO 27001) management system standard together with the CSA Cloud Controls Matrix (CCM) version 3.0.1. In order to achieve the STAR Certification, a CSP must already have an active ISO 27001 certification or have the STAR Certification assessment performed in tandem with an ISO 27001 certification review.

TALK WITH A SPECIALIST

CSA STAR ATTESTATION

The CSA STAR Attestation is a third party independent assessment of the security of a CSP. CSA STAR Attestation is a collaboration between the CSA and the American Institute of CPAs (AICPA) to provide guidance for CPA firms (or service auditors) to conduct STAR Attestations using criteria from the AICPA Trust Services Principles (TSP) and the Cloud Control Matrix (CCM). This assessment utilizes the SOC 2 framework to report on the suitability of the design and operating effectiveness of a CSP’s controls relevant to the applicable TSPs (which include Security, Availability, Confidentiality, Processing Integrity, and Privacy) and the suitability of the design and operating effectiveness of its controls in meeting the criteria in the CSA CCM.

TALK WITH A SPECIALIST