Resources

Cloud Security Alliance

The global nonprofit driving cloud security standards, research, training, and community.

CSA Security Guidance

CSA Security Guidance v5 for modern cloud components, governance, IAM, workload security, data security, and incident response.

CCSK Certificate of Cloud Security Knowledge

Vendor-neutral cloud security certification recognized globally.

CSA Research Publications

CSA's library of vendor-neutral whitepapers, reports, frameworks, and research publications.

Cloud Controls Matrix

CSA's cloud security control framework for assurance, compliance, and shared responsibility.

CSA STAR Registry

Registry for reviewing cloud provider security, trust, assurance, and risk submissions.

CIS Benchmarks

Consensus-based secure configuration benchmarks for cloud platforms, operating systems, Kubernetes, and more.

Key Management in Cloud Services

CSA guidance for designing, evaluating, and operating key management systems in modern cloud environments.

AWS Well-Architected Security Pillar

AWS guidance for designing and operating secure workloads using Well-Architected practices.

Microsoft Cloud Security Benchmark

Prescriptive Microsoft benchmark for securing Azure and multicloud workloads.

Google Cloud Architecture Framework: Security

Google Cloud security principles and recommendations for cloud architecture and operations.

CSA Top Threats to Cloud Computing

CSA research on current cloud threat patterns, case studies, controls, and mitigations.

Cloud Threat Modeling 2025

CSA methodology for continuous threat modeling across cloud-first, AI-enabled environments.

Cloud Incident Response Framework

CSA framework for preparing for, managing, and coordinating response to cloud incidents.

NIST Zero Trust Architecture

NIST SP 800-207 reference architecture for applying zero trust principles.

Six Pillars of DevSecOps

CSA guidance on integrating security principles, processes, and technology into DevOps workflows.

NIST AI Risk Management Framework

Vendor-neutral framework for managing AI risks across design, development, deployment, and use.

NIST Generative AI Profile

NIST AI RMF companion profile focused on generative AI risks and risk management actions.

CSA AI Organizational Responsibilities

CSA guidance on AI governance, risk management, compliance, culture, security policies, audit processes, and operational responsibilities.

Training in AI Security & Ethics (TAISE)

CSA training program covering AI security principles, risks, and governance.

AI Controls Matrix

A structured CSA framework for implementing security controls in AI systems.

OWASP Top 10 for LLM Applications

Practical OWASP guidance on the most critical security risks in large language model applications.

MITRE ATLAS

Knowledge base of adversary tactics and techniques for AI-enabled systems and machine learning threats.