CSA STAR Certification Overview
brightline-cpas-and-associates
What is the CSA STAR Program?
Publicly available registry designed to recognize assurance requirements and
maturity levels of cloud service providers
CSA STAR Certification
Third-party independent assessment of the security of a CSP that leverages the
requirements of ISO 27001
The CSA STAR Certification Assessment
1. CSP must have an active ISO 27001 certification, or the assessment must be
performed in tandem with an ISO 27001 assessment
2. Must be performed by an accredited CSA certification body
The Evaluation
Maturity against 5 management principles:
1. Communication and Stakeholder Engagement
2. Policies, Plans and Procedures, and a Systematic Approach
3. Skills and Expertise
4. Ownership, Leadership, and Management
5. Monitoring and Measuring
The Evaluation
1. Maturity level for each CCM security domain is rated 1 to 15
2. Then averaged, resulting in an overall maturity score
The Results & Registration
CSP can achieve either no award, a bronze award, a silver award, or a gold award.
Once an award is issued the CSP can register with the CSA STAR Registry.
Benefits
1. External communication of an active security program
2. Further reassurance of an established maturity level within CCM security domains
3. Identify further opportunities to increase overall maturity level
Drawbacks
1. ISO 27001 certificate is mandatory or must be in tandem
2. Focus is on the management principles and maturity, not CCM controls
3. Formal control testing is not required
4. Deliverable is only a certificate
5. Subjective maturity score