Cloud Security Alliance

Cloud Controls Matrix and CAIQ v4.1

The Cloud Controls Matrix (CCM) is a cybersecurity control framework made up of 207 controls across 17 security domains. The CCM maps to industry best practices and is considered the standard for ...
Cloud Security Alliance

SaaS Security Capability Framework (SSCF)

Learn the core concepts, best practices and recommendation for securing an organization on the cloud regardless of the provider or platform. Covering all 14 domains from the CSA Security Guidance v4, ...
Cloud Security Alliance

The Agentic Trust Framework: Zero Trust Governance for AI Agents

Overview of the Agentic Trust Framework (ATF), an open governance spec applying Zero Trust to autonomous AI agents, with ...
Cloud Security Alliance

Agentic AI Red Teaming Guide

This publication provides a detailed red teaming framework for Agentic AI. It explains how to test critical vulnerabilities across dimensions like permission escalation, hallucination, orchestration ...
Cloud Security Alliance

AI Model Risk Management Framework

Learn the core concepts, best practices and recommendation for securing an organization on the cloud regardless of the provider or platform. Covering all 14 domains from the CSA Security Guidance v4, ...
Cloud Security Alliance

AI Governance Framework Adoption in Cloud-Native AI Systems: Phased Approach and Considerations

A phased guide to AI governance in cloud-native systems, aligning ISO 42001:2023 and NIST AI-RMF with lifecycle controls, ...
Cloud Security Alliance

AI Safety Initiative

CSA’s AI Safety Initiative is the premier coalition of trusted experts who converge to develop and deliver essential AI guidance and tools that empower organizations of all sizes to deploy AI ...
Cloud Security Alliance

The State of Non-Human Identity and AI Security

Learn the core concepts, best practices and recommendation for securing an organization on the cloud regardless of the provider or platform. Covering all 14 domains from the CSA Security Guidance v4, ...
Cloud Security Alliance

Communicating the Business Value of Zero Trust

For those who want to learn from the industry's first benchmark for measuring Zero Trust skill sets, the CCZT includes foundational Zero Trust components released by CISA and NIST, innovative work in ...
Cloud Security Alliance

Resolving The Coordination Gap in Modern Cloud Security

Explores how continuous monitoring and structured check-ins close the coordination gap in cloud security, boosting ...
Cloud Security Alliance

Analyzing Log Data with AI Models to Meet Zero Trust Principles

Learn the core concepts, best practices and recommendation for securing an organization on the cloud regardless of the provider or platform. Covering all 14 domains from the CSA Security Guidance v4, ...
Cloud Security Alliance

The Breach That Did Not Need a Hacker: How Ordinary Identity Gaps Create Extraordinary Damage

FinWise shows how ordinary identity gaps, not hackers, can trigger data breaches; learn identity governance and offboarding ...