Cloud Security Alliance Announces Open Certification Framework
According to an announcement by the Cloud Security Alliance, the CSA Open Certification Framework is a program for flexible, incremental, and multi-layered cloud provider certification according to the Cloud Security Alliance’s industry leading security guidance and control objectives. The program will support popular third-party assessment and attestation statements developed within the public accounting community.
The CSA Open Certification Framework is based upon the control objectives and continuous monitoring structure as defined within the CSA GRC (Governance, Risk and Compliance) Stack research projects. The CSA Open Certification Framework will provide explicit guidance for providers to use GRC Stack tools for multiple certification efforts. For example, scoping documentation will articulate how a particular provider may follow an ISO/IEC 27001 certification path that incorporates the CSA Cloud Controls Matrix. CSA supports certify-once, use-often, where possible.
Initial partners for the CSA Open Certification Framework will be announced September 25 at CSA Congress Europe, and a detailed timeline will provided then as well. For more information, click here.