Cloud Security Alliance Develops Assessment Spec for Third Parties

Grazed from InfoSecurity. Author: Editorial Staff.

The Cloud Security Alliance (CSA) has established the CSA Security Trust & Assurance Registry (STAR) Attestation, a specification for rigorous third-party assessments of cloud providers. The CSA developed it in conjunction with the American Institute of CPAs (AICPA), and is aimed at CPAs who are conducting Service Organization Controls (SOC) 2 engagements with the CSA’s Cloud Controls Matrix (CCM).

“The AICPA is pleased to collaborate with CSA on STAR Attestation, which brings together best practices for Security Organization Control reporting,” said Amy Pawlicki, AICPA director of business reporting, assurance and advisory services, in a statement. Security is of paramount importance in cloud computing, and the complementary frameworks put forth by AICPA and the CSA provide a comprehensive foundation for practitioners to follow in performing engagements in this space.”…

STAR Attestation provides a framework for a CPA to express an opinion of several key factors related to service description, control suitability and control effectiveness within the cloud provider’s systems. It’s the latest offering of Level 2 of the CSA STAR Program, a comprehensive set of offerings for cloud provider trust and assurance. STAR includes Level 1 Self-Assessment, which focuses upon transparency of security practices and Level 3 Continuous Monitoring. I will be available in 2015…

Read more from the source @ http://www.infosecurity-magazine.com/view/39535/cloud-security-alliance-develops-assessment-spec-for-third-parties/