Security, Trust and Assurance Registry (STAR) definition

This definition is part of our Essential Guide: How to evaluate, choose and work securely with cloud service providers
Contributor(s): Marcia Savage

The Security, Trust and Assurance Registry (STAR) is an online registry of cloud provider security controls. 

STAR was launched by the Cloud Security Alliance, a nonprofit group of vendors, consultants and practitioners in August 2011. The goal of the registry, which is freely accessible, is to increase cloud provider transparency by making self-assessments provided by cloud providers publicly available. Cloud customers can use STAR to research the security practices of participating cloud providers.

To participate in the registry, cloud providers can submit a report documenting their compliance with the CSA’s Cloud Controls Matrix, which provides a controls framework. Or providers can opt to submit a Consensus Assessments Initiative Questionnaire (CAIQ), a list developed by the CSA of more than 140 questions a cloud customer might ask a cloud provider.

In the fall of 2011, the CSA announced that Google, Verizon, Intel, McAfee and Microsoft plan to participate in STAR. In December, a preview of the registry became available with CAIQs for Microsoft Office 365 and cloud-based managed security provider Solutionary.

This was first published in February 2012

Continue Reading About Security, Trust and Assurance Registry (STAR)

PRO+

Content

Find more PRO+ content and other member only offers, here.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchSecurity

SearchCloudComputing

SearchAWS

SearchCloudApplications

SearchServerVirtualization

SearchVMware

ComputerWeekly

Close