STAR comprehensively includes crucial principles of transparency, auditing, and harmonization of standards. STAR certification provides multiple benefits, including assessment of cloud technology against industry-established best practices and validation of security posture of cloud offerings.
The Cloud Security Alliance has created the Cloud Controls Matrix (CCM) which is a baseline set
of security controls to help enterprises assess the risk associated with a cloud computing
provider. CCM v3.0.1 is available as a free download to help limitations exist for encrypting
data in storage, data in transit and key management.
Domains of Cloud Control Matrix:
There are 16 domains identified in the CCM and TCL has complied to the 133 controls of all 16 domains. They are:
|Domain Name||No. of Controls|
|Application & Interface Security; Application Security||4|
|Audit Assurance & Compliance; Audit Planning||3|
|Business Continuity Management & Operational Resilience; Business Continuity Planning||11|
|Change Control & Configuration Management; New Development / Acquisition||5|
|Data Security & Information Lifecycle Management Classification||7|
|Datacenter Security; Asset Management||9|
|Encryption & Key Management Entitlement||4|
|Governance and Risk Management; Baseline Requirements||11|
|Human Resources; Asset Returns||11|
|Identity & Access Management; Audit Tools Access||13|
|Infrastructure & Virtualization Security; Audit Logging / Intrusion Detection||13|
|Interoperability & Portability; APIs||5|
|Mobile Security; Anti-Malware||20|
|Security Incident Management, E-Discovery & Cloud
Contact / Authority Maintenance
|Supply Chain Management, Transparency and
Data Quality and Integrity
|Threat and Vulnerability Management
Anti-Virus / Malicious Software
CSA STAR Self-Assessment is open to all cloud technology players and allows them to submit self-assessment reports which records adoption and compliance to CSA-published best practices. CSA CCM is a framework which provides organizations with the needed structure, detail and precision relating to information security exercises that are tailored-made to the cloud industry.
To indicate TCL’s compliance with CSA best practices the Cloud Controls Matrix (CCM) was submitted, which provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains.