CSA STAR
STAR comprehensively includes crucial principles of transparency, auditing, and harmonization of standards. STAR certification provides multiple benefits, including assessment of cloud technology against industry-established best practices and validation of security posture of cloud offerings.
Review all of our global compliance programs
How does CSA help align cloud security measure?
The Cloud Security Alliance has created the Cloud Controls Matrix (CCM) which is a baseline set of security controls to help enterprises assess the risk associated with a cloud computing provider. CCM v3.0.1 is available as a free download to help limitations exist for encrypting data in storage, data in transit and key management.
Domains of Cloud Control Matrix:
There are 16 domains identified in the CCM and TCL has complied to the 133 controls of all 16 domains. They are:
| Domain Name | No. of Controls |
| Application & Interface Security; Application Security | 4 |
| Audit Assurance & Compliance; Audit Planning | 3 |
| Business Continuity Management & Operational Resilience; Business Continuity Planning | 11 |
| Change Control & Configuration Management; New Development / Acquisition | 5 |
| Data Security & Information Lifecycle Management Classification | 7 |
| Datacenter Security; Asset Management | 9 |
| Encryption & Key Management Entitlement | 4 |
| Governance and Risk Management; Baseline Requirements | 11 |
| Human Resources; Asset Returns | 11 |
| Identity & Access Management; Audit Tools Access | 13 |
| Infrastructure & Virtualization Security; Audit Logging / Intrusion Detection | 13 |
| Interoperability & Portability; APIs | 5 |
| Mobile Security; Anti-Malware | 20 |
| Security Incident Management, E-Discovery & Cloud Forensics Contact / Authority Maintenance |
5 |
| Supply Chain Management, Transparency and Accountability Data Quality and Integrity |
9 |
| Threat and Vulnerability Management Anti-Virus / Malicious Software |
3 |
Is Tata Communications aligned to CSA STAR?
CSA STAR Self-Assessment is open to all cloud technology players and allows them to submit self-assessment reports which records adoption and compliance to CSA-published best practices. CSA CCM is a framework which provides organizations with the needed structure, detail and precision relating to information security exercises that are tailored-made to the cloud industry.
To indicate TCL’s compliance with CSA best practices the Cloud Controls Matrix (CCM) was submitted, which provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains.
ABOUT CSA STAR
Cloud Security Alliance is a pioneer with an aim to promote and encourage the adoption of best practices that helps in ensuring a secure cloud computing environment.
Other certifications
We offer a wealth of experience and a wide portfolio of products designed to help your business grow. Discover more exciting opportunities and create a truly bespoke solution.
Frequently asked questions
What is CSA STAR compliance?
CSA STAR compliance refers to meeting the cloud security standards defined by the Cloud Security Alliance’s Cloud Controls Matrix (CCM). It demonstrates that a cloud service provider follows industry-recognised best practices for security, transparency, and risk management. This helps businesses trust the provider’s security posture and cloud governance.
How to get CSA STAR certification?
To achieve CSA STAR certification, organisations must undergo an audit against the Cloud Security Alliance’s Cloud Controls Matrix (CCM). This includes demonstrating strong security controls, transparent processes, and alignment with cloud-focused best practices. Depending on the certification level, assessments may involve third-party audits or validated submissions.
What benefits do businesses gain by choosing Tata Communications CSA STAR-certified cloud services?
Choosing Tata Communications with CSA STAR certification gives businesses confidence in robust cloud security, transparency, and adherence to globally recognised standards. Our compliance with 133 CCM controls ensures strong protection across identity, data security, incident management, and more, helping customers operate securely and reduce risk in cloud environments.
What is the difference between ISO 27001 and CSA Star?
ISO 27001 focuses on establishing and maintaining an information security management system, while CSA STAR compliance specifically addresses cloud security requirements through the Cloud Controls Matrix. CSA STAR adds cloud-specific transparency, detailed control mapping, and industry-tailored assurance, making it a stronger fit for evaluating cloud service providers.
How does the Cloud Security Alliance STAR program help ensure cloud security compliance?
The Cloud Security Alliance STAR programme enhances security by providing a structured control framework through the CCM. It helps organisations assess cloud risks, benchmark providers, and ensure adherence to security best practices. Its emphasis on transparency, auditing, and harmonisation supports stronger, more reliable cloud security compliance.
What is a CSA STAR self-assessment and who should conduct it?
A CSA STAR self-assessment allows cloud providers to document their implementation of CSA’s security controls. It should be conducted by providers offering cloud services who want to demonstrate transparency and adherence to best practices. This self-assessment helps customers understand the provider’s security measures and risk posture.
How does Tata Communications achieve CSA STAR certification for its cloud services?
Tata Communications achieves CSA STAR certification by aligning with the Cloud Controls Matrix across multiple security domains and submitting detailed compliance documentation to the CSA. We comply with 133 controls, covering areas such as identity, data security, business continuity, vulnerability management, and application security, ensuring strong cloud protection.
How does Tata Communications conduct CSA STAR self-assessments to ensure security and compliance?
Tata Communications performs CSA STAR Self Assessment by evaluating its cloud services against the CCM framework and mapping controls across 16 domains. This structured approach ensures transparency, validates adherence to best practices, and helps maintain consistent CSA STAR Compliance for our cloud platforms.
What’s next?
Experience our solutions
Engage with interactive demos, insightful surveys, and calculators to uncover how our solutions fit your needs.
Exclusively for you
Stay updated on our Cloud Fabric and other platforms and solutions
Disclaimer: IZO™ Cloud is now Tata Communications Vayu Cloud. TATA COMMUNICATIONS VAYU branded services are available in India only.