CSA STAR Certification

Position your organization as a trusted cloud provider and improve your security maturity.

Home » Services » CSA STAR Certification

Services category: IT Compliance and Privacy

CSA STAR Certification

CSA STAR is the trusted program to position your organization as a trusted Cloud provider while improving your security maturity using best practices.

The Cloud Security Alliance (CSA) helps define the best practices for a secure cloud environment. CSA developed and operates the CSA Security, Trust, Assurance & Risk (STAR) Registry Program, widely known for its key principles: “transparency, rigorous auditing, and harmonization of standards”. Organizations who hold the CSA STAR Certification or Attestation are a sign of best practices for their cloud offerings.

Share this content

Criteria and Scoring

CSA STAR uses a “technology-neutral” approach leveraging the ISO/IEC 27001 control criteria and adding Cloud-specific controls from best practices and leading standards and regulations. All these controls are mapped in the Cloud Control Matrix or CCM.

The requirement controls are classified into 16 Control Areas in the CCM:

  • Audit Assurance and Compliance
  • Application & Interface Security
  • Business Continuity Management
  • Change Control Management
  • Data Center Security
  • Data Security & Information Lifecycle
  • Encryption and Key Management
    Governance and Risk Management
  • Human Resources
  • Identity and Access Management
  • Interoperability & Portability
  • Infrastructure and Virtualization Security
  • Mobile Security
  • Security Incident Management
  • Supply Chain, Transparency & Accountability
  • Threat and Vulnerability Management

CCM is currently the most widely used standard for Cloud security assurance and compliance, and it provides organizations with the required structure, detail, and clarity regarding information security for their Cloud service.

CSPs can either choose to perform a Certification or an Attestation. The difference is the following:


  • CSA STAR Certificates are issued for a period of 3 years and it is required that an ISO/IEC 27001 Certification be current when issuing a CSA STAR Certification.
  • The certification process follows the same protocol as ISO/IEC 27001. Thus ‘a point in time’ audit.


  • The STAR Attestation is an independent, third-party assessment of the security of a CSP that leverages the requirements of the SOC 2 framework (based on the AICPA Trust Services Principles (TSP)) in conjunction with the CCM. By pursuing the STAR Attestation, it allows organizations to demonstrate the suitability of the design and operating effectiveness of their controls over a period of time, rather than at a point in time.

How Does Elevate Assist CSPs

We already help many CSPs perform the readiness towards ISO 27001 and SOC 2 and know how to integrate CSA STAR to:

  • Perform the Gap Analysis
  • Provide recommendations and assist with implementation to increase the scoring
  • Perform remediation activities (from policy development to technical configuration advisory)
  • Be Your ‘Go To’ security trusted advisor to improve your contract environment



>> This service article was last update on July 23, 2022
Contact Elevate today to learn more about CSA STAR Certification

Elevate // +1 (888) 601-5351 // Monday to Friday 9am-6pm