CSA STAR Certification Overview

Transcript of CSA STAR Certification Overview

What is the CSA STAR Program?

A publicly available registry designed to recognize the assurance requirements and maturity levels of cloud service providers

CSA STAR Certification

An independent third-party assessment of the security of a cloud service provider (CSP) that leverages the requirements of ISO 27001

The CSA STAR Certification Assessment

1. The CSP must have an active ISO 27001 certification, or the assessment must be performed in tandem with an ISO 27001 assessment

2. The assessment must be performed by an accredited CSA certification body

The Evaluation

Maturity against 5 management principles:

1. Communication and Stakeholder Engagement

2. Policies, Plans and Procedures, and a Systematic Approach

3. Skills and Expertise

4. Ownership, Leadership, and Management

5. Monitoring and Measuring

1. Maturity level for each CCM security domain is rated 1 to 15

2. The ratings are then averaged, resulting in an overall maturity score

The Results & Registration

The CSP can achieve either no award, a bronze award, a silver award, or a gold award.

Once an award is issued, the CSP can register with the CSA STAR Registry.

Benefits

1. External communication of an active security program

2. Further reassurance of an established maturity level within CCM security domains

3. Identify further opportunities to increase overall maturity level

Drawbacks

1. An ISO 27001 certificate is mandatory, or the assessment must be done in tandem

2. Focus is on the management principles and maturity, not CCM controls

3. Formal control testing is not required

4. Deliverable is only a certificate

5. Subjective maturity score