Security, Trust and Assurance Registry (STAR)

Contributor(s): Marcia Savage

The Security, Trust and Assurance Registry (STAR) is an online registry of cloud provider security controls. 

STAR was launched by the Cloud Security Alliance, a nonprofit group of vendors, consultants and practitioners in August 2011. The goal of the registry, which is freely accessible, is to increase cloud provider transparency by making self-assessments provided by cloud providers publicly available. Cloud customers can use STAR to research the security practices of participating cloud providers.

To participate in the registry, cloud providers can submit a report documenting their compliance with the CSA’s Cloud Controls Matrix, which provides a controls framework. Or providers can opt to submit a Consensus Assessments Initiative Questionnaire (CAIQ), a list developed by the CSA of more than 140 questions a cloud customer might ask a cloud provider.

In the fall of 2011, the CSA announced that Google, Verizon, Intel, McAfee and Microsoft plan to participate in STAR. In December, a preview of the registry became available with CAIQs for Microsoft Office 365 and cloud-based managed security provider Solutionary.

This was last updated in February 2012

Continue Reading About Security, Trust and Assurance Registry (STAR)

Dig Deeper on Evaluating Cloud Computing Providers

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.