Which is the lowest level of the CSA STAR program?
Which is the lowest level of the CSA STAR program?
The CSA STAR program consists of different levels of assurance. The lowest level, Level 1, involves self-assessment, where organizations submit a self-assessment to the STAR registry. This is followed by higher levels that include third-party audits and continuous monitoring. Hybridization is not a recognized level within the CSA STAR program.
B. Self-assessment
The Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR) Program is a cloud security certification framework that provides three levels of assurance. The lowest level is Self-Assessment, where cloud providers complete a self-reported questionnaire based on the Consensus Assessments Initiative Questionnaire (CAIQ) or Cloud Controls Matrix (CCM). CSA STAR Program Levels: Level 1 - Self-Assessment → The lowest level, where the provider self-reports security controls using CSA's CAIQ/CCM. Level 2 - Attestation / Certification → Independent third-party audit of the provider’s security controls. Level 3 - Continuous Monitoring → Ongoing security assessments for real-time compliance monitoring.