The CloudTrust Protocol (CTP) is a procedure for establishing digital trust between a cloud computing customer and a cloud service provider.
Potential cloud service customers can request and retrieve information about the cloud provider. The goal of CTP is allow customers to make customers make informed decisions when evaluating cloud service providers.
Created in 2010 by the late Ron Knode of CSC and licensed for use by the Cloud Security Alliance (CSA) in 2011, the CTP consists of 23 criteria for cloud transparency. The CloudTrust Protocol is intended to establish digital trust between a cloud computing customer and provider and create transparency about the provider's configurations, vulnerabilities, access, authorization, policy, accountability, anchoring and operating status conditions.
The CTP is one of four initiatives in what the CSA calls its Governance, Risk and Compliance (GRC) Stack, a set of tools for standardizing best practices. The other CSA GRC Stack initiatives include CloudAudit, Cloud Controls Matrix (CCM) and Consensus Assessments Initiative Questionnaire (CAIQ).