Cloud Security Alliance Submission: Cloud Controls Matrix (CCM) & Quantum-Safe Security Working Groups By: James A. Bex 07/11/2025 Q-TRAX Lite Post-Quantum Threat Telemetry for CloudOps CRITICAL QUANTUM SECURITY GAP The quantum ... Learn More
Dear members, The bi-weekly Key Mgmt call has started. Please feel free to join the Zoom Meeting https://cloudsecurityalliance.zoom.us/j/85177080386?pwd=TFFmSoMbtBdy8Jy7iNGQYVnbbvyhhs.1 Meeting ID: 851 7708 0386 Passcode: 953618 Kind regards, ... Learn More
Think you're ready for the CCZT exam? Here’s a practice question to sharpen your skills. Want more practice? Download the CCZT Prep Kit for additional questions and essential study materials to help you ace the exam! Download Now → https://bit.ly/3Q2hMlv ... Learn More
Due to schedule conflicts and illnesses, we won't be able to host the QSS July 15th call. Our next meeting will be July 29th. Apologies for any inconvenience this causes. Please reach out with any questions you have. Project Leads - Please ... Learn More
GEN-SHIELD Core Call To Action By: James A. Bex To: DevSecOps & STAR-CAR WGs Generative AI Security & Compliance Validation Framework Date: 07/10/2025 Executive Summary GEN-SHIELD Core is a next-generation DevSecOps-native ... Learn More
An open CSA community.
last person joined 2 hours ago
Are you sure you want to join this community?
Would you like to visit the community homepage now?
The working group will advocate for and promote the adoption of Zero Trust security principles, providing practical and technically sound guidance on how organizations can and should approach this, for their cloud and on-premise environments along with mobile endpoints. This group will build on and leverage established and recognized zero trust frameworks and controls. The goals of the CSA Zero Trust (ZT) Working Group are to:- Act as a source of education and outreach on the adoption of Zero Trust as a modern and necessary approach to information security- Take a deliberately technology and vendor-neutral approach to architectures and approaches for mature Zero Trust implementations. - Aim to educate the industry about the strengths and weaknesses of different approaches so enterprises can make informed decisions based on their specific needs and priorities.- Be able to take technically sound positions and make defensible recommendations on Zero Trust while remaining vendor-neutral
last person joined 4 days ago
This group revolves around CSA’s CCSK training content, based off of CSA’s Security Guidance document. The CCSK training provides learners with a foundational knowledge of cloud computing environments and terminology. This community is an open group for CCSK test takers, trainers, and anyone interested in the training to connect, converse, ask questions, and share resources. This group has a no soliciting policy. We are happy to direct members to the Inner Circle for any cloud related advertisement announcements.
last person joined 3 days ago
Businesses are now demanding a stronger collaboration between both development and operational teams and adding their relative security teams. This additional force that creates DevSecOps is transferable to the idea that prior to this implementation, DevOps skipped the security step which after deployment of applications created roadblocks once confronted with issues that arose with this specific exclusion. The true focus of DevSecOps is to create a transparent and full circle management life cycle that leverages all of the components of DevSecOps to ensure timely and full functioning application deployment that include proper security steps through every process rather than at the end.
last person joined 2 days ago
This group revolves around CSA’s CCAK training content, based off of the work done by the Cloud Audit Expert Group. The CCAK training content offers an overview of auditing a cloud environment as well as provides several resources for CSPs, CSCs, and Auditors alike to take advantage of. This is an open group for CCAK test takers, trainers, and anyone interested in the training to connect, converse, ask questions, and share resources. This group has a no soliciting policy. We are happy to direct members to the Inner Circle for any cloud related advertisement announcements.
last person joined 9 days ago
This group revolves around CSA’s ACSP hands-on training. The ACSP course provides a deeper dive into cloud security knowledge that builds on the CCSK. This is an open group for ACSP students, trainers, and anyone interested in the training to connect, converse, ask questions, and share resources. This group has a no soliciting policy. We are happy to direct members to the Inner Circle for any cloud related advertisement announcements.
AI Technology & Risk
last person joined 14 hours ago
In today's world of so many SecaaS offerings, CSA's SecaaS working group strives to establish general categories of security services, and provides guidance on what should be expected as a standard set of functionalities in any given category.This working group is in the process of being revitalized, and co-chairs are currently being determined. Once leadership is confirmed, charter revision and forecasting deliverables will begin.
last person joined 5 days ago
last person joined 7 days ago
This working group aims to educate, promote best practices, and advance Identity standards by fostering a culture of collaboration between various organizations to achieve consistent and effective IAM practices in and for the cloud. The working group will author guidelines and best practices, and promote standards that enhance the lives of technology professionals tasked with adopting and optimizing IAM systems for use with cloud services.
last person joined 6 days ago
A private community for CSA UK Chapter to share and collaborate.
The mission of the CSA FSI community and research working groups is to bring together financial service institutions, financial supervisory authorities, and other national regulatory bodies along with relevant cloud and fintech service providers. Together they discuss and identify commonly acceptable best practices that will help manage the technical security risks related to secure cloud adoption, and facilitate compliance with laws and regulations.
last person joined 15 days ago
A private community for CSA Bangalore Chapter to share and collaborate.
last person joined 18 days ago
A private community for CSA Triangle (Triangle Area of North Carolina) Chapter to share and collaborate. We reach throughout the eastern portion of North Carolina to all who are interested in learning more about Cybersecurity. We are a 501c3 non-profit organization based in Raleigh, North Carolina and are actively seeking members to join and engage. Our chapter actively supports Veterans and welcome those with backgrounds in IT and Cybersecurity to engage, share their experiences and grow professionally.
- This working group is currently inactive -This working group has been created to guide the creation of an open source and automation compatible vulnerability identification framework. By making it easy to generate and consume vulnerability information, the cybersecurity industry will be better equipped to rapidly respond to emerging threats.
A private community for CSA Washington DC Metro Area Chapter to share and collaborate.
last person joined 20 days ago
A private community for CSA Carolinas Chapter to share and collaborate.
last person joined 2 months ago
A private community for CSA Nashville Chapter to share and collaborate.
This group revolves around CSA’s Certificate of Competence in Zero Trust (CCZT) training content. The CCZT training content offers an overview of foundational areas of Zero Trust knowledge, including strategy and governance, architecture, planning and implementation, identity, device security, and more. This is an open group for CCZT test takers, trainers, and anyone interested in the training to connect, converse, ask questions, and share resources. This group has a no-soliciting policy. We are happy to direct members to the Inner Circle for any cloud-related advertisement announcements.
last person joined 8 days ago
CSA Italy si rivolge a professionisti ed imprese in Italia che credono nel successo del modello Cloud Computing e nella condivisione di esperienze e buone pratiche per promuoverne l’utilizzo in sicurezza. CSA Italy e' un' associazione no-profit di diritto italiano costituita nell’Ottobre 2011, Capitolo Italiano di Cloud Security Alliance (CSA). CSA Italy si propone di supportare il mercato Information and Communication Technology e Cyber Security in Italia, in particolare le PMI e Pubbliche Amministrazioni, nell’adozione di un approccio consapevole e sicuro al Cloud Computing. Certi del valore che il modello cloud computing può generare nel mercato italiano, CSA Italy intende promuovere:- un’adeguata disciplina di sicurezza dell’utilizzatore di servizi Cloud, a partire da una corretta identificazione delle informazioni che intende trasferire e gestire nel Cloud e consapevolezza della loro importanza, necessaria per richiedere adeguate misure di sicurezza nel Cloud;- stimolare i Cloud Provider ad essere più trasparenti nel comunicare modelli e misure di sicurezza e privacy adottate per la protezione dei dati dei propri Clienti.Per maggiori informazioni potete scrivere a info@csaitaly.it
last person joined 29 days ago