Cloud Security Alliance

Deep Dive into the Software-Defined Perimeter (SDP) Guide v3

CSA's SDP v3 explores identity-first, Zero Trust connectivity across IT, OT, and IoT with AI-speed security. Learn more about ...
Cloud Security Alliance

AI Agent Identity Is Being Solved Backwards - And the Window to Fix It Is Now

Why static IAM falls short for AI agents, and how runtime-scoped, ephemeral credentials reduce risk and misconfigurations.
Cloud Security Alliance

CCSK Plus

The CCSK Plus builds on the foundation class with expanded material and offers extensive hands-on activities that reinforce classroom instruction. Students engage in a scenario of bringing a fictional ...
Cloud Security Alliance

CCM v4.0 - FedRAMP Mapping (Interim Publication)

This document contains a control mapping between the CSA CCM v4.0 and the Federal Risk and Authorization Management Program (FedRAMP). The mapping serves to align CCM with FedRAMP Low, Moderate and ...
Cloud Security Alliance

CCSK v5 Contributors

We are grateful for the individuals whose dedication and expertise have been crucial in the development of the CCSK v5. Each of these contributors volunteered their time and resources, playing a vital ...
Cloud Security Alliance

SAGE: The Format STIX, OSCAL, and SARIF Don't Cover

Security research lives in PDFs. PDFs are good for humans and useless to machines. That mismatch was annoying a few years ago. It's expensive today. Detection engineers are feeding those PDFs into RAG ...
Cloud Security Alliance

8 Dangerous Truths About Excessive Privileges in Cloud and SaaS Platforms

How many people in your organization have user access and privileges they don’t truly need? That question was central to a recent incident in France. Authorities there disclosed unauthorized access to ...