Cloud Security Alliance Announces Open Certification Framework

By

The Cloud Security Alliance (CSA) announces the CSA Open Certification Framework – an industry initiative to allow global, trusted certification of cloud providers.

According to an announcement by the Cloud Security Alliance, the CSA Open Certification Framework is a program for flexible, incremental, and multi-layered cloud provider certification according to the Cloud Security Alliance’s industry leading security guidance and control objectives. The program will support popular third-party assessment and attestation statements developed within the public accounting community.

The CSA Open Certification Framework is based upon the control objectives and continuous monitoring structure as defined within the CSA GRC (Governance, Risk and Compliance) Stack research projects. The CSA Open Certification Framework will provide explicit guidance for providers to use GRC Stack tools for multiple certification efforts. For example, scoping documentation will articulate how a particular provider may follow an ISO/IEC 27001 certification path that incorporates the CSA Cloud Controls Matrix. CSA supports certify-once, use-often, where possible.

Initial partners for the CSA Open Certification Framework will be announced September 25 at CSA Congress Europe, and a detailed timeline will provided then as well. For more information, click here.

05/17/2012

Related content

  • Fathoming the cloud
    Much spoken of but little understood, "the cloud" poses new security problems that need to be defined and debated and their solutions facilitated.
    more »
  • Open Virtualization Alliance

    The Open Virtualization Alliance was founded three months ago to raise awareness about kernel-based virtualization and promote the adoption of KVM in the enterprise. We stopped in for a progress report.

    more »
  • Red Hat Adds Common Criteria Certification for RHEL 8.2
    more »
  • Azure Gets US Government Certification
    more »
  • News for Admins
    In the news: DHS Releases New Guidelines for Securing Critical Infrastructure; Datadog Report Examines DevSecOps Best Practices; Upskilling Key to Tech Staffing Challenges, Says LF Survey; 2024 Open Source Pros Job Survey Report Released; OpenSSF Issues Guidance to Help Prevent Social Engineering Attacks; Black Duck Supply Chain Edition Released by Synopsys; Spectra Logic Announces New Tape Libraries and Management Software; LPI Launches Open Source Essentials Program; Apache Software Foundation Celebrates 25 Years; SUSE Announces Rancher Prime 3.0; NSA Issues Zero Trust Guidelines for Network Security; and NIST Releases Major New Version of Cybersecurity Framework.
    more »
comments powered by Disqus