Cloud Security | International
CSA STAR (Security, Trust, Assurance, and Risk)
The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) programme provides a comprehensive framework for cloud security assurance. Based on the CSA Cloud Controls Matrix (CCM), STAR offers three levels of assurance: self-assessment (Level 1), third-party audit (Level 2 — SOC 2 or ISO 27001 based), and continuous monitoring (Level 3).
Domains
Data Security and Privacy
Infrastructure and Operations Security
Threat and Vulnerability Management
Frequently Asked Questions
What is CSA STAR?
The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) programme provides a comprehensive framework for cloud security assurance. Based on the CSA Cloud Controls Matrix (CCM), STAR offers three levels of assurance: self-assessment (Level 1), third-party audit (Level 2 — SOC 2 or ISO 27001 based), and continuous monitoring (Level 3).
How many controls does CSA STAR have?
CSA STAR contains 15 controls organized across 3 domains.
Where does CSA STAR apply?
CSA STAR applies internationally. Organizations that operate in, or serve customers in, a jurisdiction where it is used should evaluate its requirements.
What frameworks does CSA STAR map to?
CSA STAR has control-to-control mappings with 609 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.
How do I get started with CSA STAR compliance?
Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.