Research Working Groups

24 total

5G Security  

AI Technology & Risk  

Automation, orchestration, visibility & analytics  

CAVEaT  

Cloud Data Breach Investigation  

*This community is currently inactive*
The Cloud Data Breach Investigation working group will develop industry best-practice guidance on how an investigation of cloud data breaches should be conducted to ensure timely detection of data breaches; accurate identification of root cause(s) and timeline; proper handling of evidence for legal admissibility; and reporting to the management of affected organizations and to regulators.

Confidential Computing  

Data Privacy Engineering  

The Data Privacy Engineering Working Group (DPE WG) is chartered with the mission to integrate privacy-centric methodologies into development workflows, architecture design, and data science methodologies. Collectively referred to as “DataSecOps”, these elements comprise end-to-end data privacy practices wherein data is definitively scoped, inventoried, classified and secured over a total data lifecycle as an inherent part of a digital work product. This integration aims to ensure compliance, data protection, and secure data management in cloud environments. The WG will develop guidelines for incorporating privacy engineering into DataSecOps (including Differential Privacy as one such approach), create privacy-centric tools, foster professional collaboration, and promote awareness about privacy engineering, with a special emphasis on the application and implications of Differential Privacy in DataSecOps. The group is led by Chair(s), working in collaboration with CSA leadership, membership-at-large, and the broader community of interest.

Data Security  

Data security is the process of protecting digital information from unauthorized access, corruption, or theft throughout its entire lifecycle. It’s a concept that encompasses every aspect of information security from the physical security of hardware and storage devices, administrative and access controls, logical security of software applications, and organizational policies and procedures. When properly implemented, data security strategies will protect an organization’s information assets against cyberattacks, as well as guard against insider threats and human error, which remains among the leading causes of data breaches.

DevSecOps  

Businesses now demand stronger collaboration between development and operations teams, with their respective security teams added. DevSecOps arose from the observation that DevOps previously skipped the security step, which created roadblocks after applications were deployed, once issues arising from that omission surfaced. The true focus of DevSecOps is to create a transparent, full-circle management life cycle that leverages all of its components to ensure timely, fully functioning application deployment that includes proper security steps throughout every process rather than at the end.

Enterprise Authority to Operate (EATO)  

The mission of the Enterprise Authority to Operate (EATO) Working Group is to develop, maintain, review, update, support, and deploy a concentrated assessment, certification, and attestation scheme catering to small and mid-sized vendors/service providers, with the aim of enabling such vendors to achieve a certification that is also accepted by larger Corporate Clients, including clients in tightly regulated industries such as Finance.

The EATO targets a comprehensive assessment of risks inherent in Anything as a Service (XaaS) products with underlying Cloud-based infrastructure or platform, with a particular focus on information security and privacy, but also covering Business Continuity, Data Retention, Archiving, and vendor/service provider controls and risks.

The EATO Working Group defines and sets auditing requirements and minimum standards required to be achieved to pass the EATO assessment and certification.

The EATO Working Group defines requirements for consultancy companies to support small and mid-sized vendors/service providers, with the aim of enabling such vendors to derive architectures and designs compliant with the EATO certification schemes.

Financial Services Industry  

The mission of the CSA FSI community and research working groups is to bring together financial service institutions, financial supervisory authorities, and other national regulatory bodies along with relevant cloud and fintech service providers. Together they discuss and identify commonly acceptable best practices that will help manage the technical security risks related to secure cloud adoption, and facilitate compliance with laws and regulations.

Identity and Access Management  

This working group aims to educate, promote best practices, and advance Identity standards by fostering a culture of collaboration between various organizations to achieve consistent and effective IAM practices in and for the cloud. The working group will author guidelines and best practices, and promote standards that enhance the lives of technology professionals tasked with adopting and optimizing IAM systems for use with cloud services.

Pillar: Applications & Workload  

Pillar: Device  

Pillar: Identity  

Pillar: Network/Environment  

Research Working Groups  

CSA Working Groups are the go-to source for best practices, research, and tools for providing security assurance and privacy in the cloud. CSA’s diverse membership of industry practitioners and corporate members has converged and continuously cycled through researching, analyzing, formulating, and delivering arguably the most advanced research and tools available across the cloud security spectrum.
Here you can find a list of active research working groups, volunteer opportunities, and open peer reviews.

Security as a Service  

In today's world of so many SecaaS offerings, CSA's SecaaS working group strives to establish general categories of security services, and provides guidance on what should be expected as a standard set of functionalities in any given category.
This working group is in the process of being revitalized, and co-chairs are currently being determined. Once leadership is confirmed, charter revision and forecasting deliverables will begin.

Vulnerability Data  

This working group has been created to guide the creation of an open-source, automation-compatible vulnerability identification framework. By making it easy to generate and consume vulnerability information, the cybersecurity industry will be better equipped to rapidly respond to emerging threats.

Zero Trust  

The working group will advocate for and promote the adoption of Zero Trust security principles, providing practical and technically sound guidance on how organizations can and should approach this, for their cloud and on-premise environments along with mobile endpoints. This group will build on and leverage established and recognized zero trust frameworks and controls. The goals of the CSA Zero Trust (ZT) Working Group are to:
- Act as a source of education and outreach on the adoption of Zero Trust as a modern and necessary approach to information security.
- Take a deliberately technology- and vendor-neutral approach to architectures and approaches for mature Zero Trust implementations.
- Aim to educate the industry about the strengths and weaknesses of different approaches so enterprises can make informed decisions based on their specific needs and priorities.
- Be able to take technically sound positions and make defensible recommendations on Zero Trust while remaining vendor-neutral.
