
CloudHealth by VMware Becomes A CSA STAR Registrant

Marie Burke
Sr. Product Marketing Manager
Published: Mar. 2, 2020

We are pleased to announce that as of January 23, 2020, CloudHealth is a Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) registrant.

What is CSA?

The Cloud Security Alliance (CSA) is a global organization that helps cloud users maintain a trusted cloud ecosystem. The CSA educates the cloud community and documents best practices to help organizations keep their cloud environments secure.

What is the STAR Program?

STAR stands for Security, Trust & Assurance Registry. Operated by CSA, STAR is a cloud security provider certification program and a publicly accessible registry. The purpose of CSA STAR is to provide organizations with a set of industry standards that can be used to validate the security posture of the cloud offerings they leverage.

What is the CAIQ?

The Consensus Assessments Initiative Questionnaire (CAIQ) is a document with yes/no questions that can be used to assess the security posture of a cloud provider or cloud service. CAIQ is based on the CSA Cloud Controls Matrix (CCM) framework, which includes numerous security controls across the following 16 categories:

  • Application & Interface Security
  • Audit Assurance & Compliance
  • Business Continuity Management & Operational Resilience
  • Change Control & Configuration Management
  • Data Security & Information Lifecycle Management
  • Datacenter Security
  • Encryption & Key Management
  • Governance & Risk Management
  • Human Resources
  • Identity & Access Management
  • Infrastructure & Virtualization Security
  • Interoperability & Portability
  • Mobile Security
  • Security Incident Management, E-Discovery, & Cloud Forensics
  • Supply Chain Management, Transparency, and Accountability
  • Threat & Vulnerability Management

Organizations use the controls outlined in the CCM framework and leveraged in the CAIQ to map against industry regulations and standards, such as SOC 2, ISO 27001, PCI DSS, NIST, FedRAMP, and more.

Organizations evaluating CloudHealth by VMware can use the CAIQ to thoroughly assess the security controls we have in place to safeguard their data while operating in the cloud.

Source: “Cloud Security Alliance Home.” Cloud Security Alliance, cloudsecurityalliance.org/.