Improve security posture through CSA STAR’s integrated certification program

Contact US

Security Assurance for the Cloud

The Cloud Security Alliance’s Security, Trust, Assurance, and Risk (CSA STAR) is one of the most powerful certification programs for cloud service providers (CSPs). The CSA STAR program integrates multiple security standards, including SOC 2, ISO/IEC 27001 and GDPR, advancing cloud governance and compliance for CSPs into an integrated security system that helps eliminate compliance gaps and avoid unmitigated risks.

Organizations who achieve CSA STAR certification can expect accelerated business growth all while building and maintaining a robust security program. Because of the blended nature of CSA STAR’s associated standards and frameworks, CSPs not only improve their posture as a trusted cloud vendor but are included as part of a credible marketplace database that’s recognized from a global perspective.

STAR Security, Trust, Assurance & Risk Registry

How CSA STAR Works

CSA STAR Certification

CSA STAR is based on several foundational tools, including the:

Once certified, your organization can register to be a part of the STAR Registry, a global database of organizations who demonstrate security and privacy best practices. Certification toward CSA STAR contains two levels, a self-assessment, third-party auditing, and continuous management. Read more for details on each of these levels.

Level 1: Self-Assessment

Level 1 is the first step toward CSA STAR certification and is open to all organizations. The self-assessment phase is a good fit for organizations who want to boost trust by demonstrating the transparency of the security controls in place.

During the self-assessment phase, CSPs complete a CAIQ to document compliance with the CCM. STAR Self-Assessments are updated annually. Additionally, The GDPR Code of Conduct Self-Assessment covers compliance to GDPR. After publishing all necessary documents to the STAR Registry, CSPs will receive a Compliance Mark that’s valid for one year.

Level 2: Attestation and Certification

Level 2 includes an attestation and certification phase through a rigorous assessment process. Organizations who’ve already completed assessments through frameworks like SOC 2 and ISO/IEC 27001 can benefit from this phase, increasing security assurance and privacy in their cloud environments.

Attestation: The CSA STAR Attestation is a combination of CSA and AICPA Trust Service Criteria that are used for SOC 2 engagements. STAR Attestations last one year with a minimum period of six months.

Certification: Certification under CSA STAR program is an assessment of the security of a CSP. The certification process leverages requirements of ISO/IEC 27001 with the CSA Cloud Control Matrix. STAR certifications last three years, and once complete, CSPs can register as “STAR Certified” under the STAR Registry.


  • Trusted advisor to some of the fastest growing cloud service providers (IaaS, PaaS, SaaS) in the country
  • Serving the most regulated industries including technology, financial services, healthcare and government
  • Clients range from high-growth startups to Fortune 1000 companies
  • 40% of BARR’s audit reports are delivered early
  • Competitive, fixed rates to accommodate growing enterprises
  • We put you and your business first, providing unparalleled communication and accessibility at all times

Contact Us for a Free Consultation

We’re here to help you! Speak with a BARR specialist about your security and compliance needs.

Connect With BARR

Recent Blog Posts

The SEC Charges SolarWinds with Fraud—What Does this Mean for the Role of the CISO?

| CISO, Federal, News | No Comments

The Securities and Exchange Commission (SEC) recently announced charges against SolarWinds Corporation and its chief information security officer (CISO), Timothy G. Brown. The charges include fraud and internal control failures…

Everything You Need to Know About the Proposed SEC Cybersecurity Reporting Requirements

| Federal, Security, Security and Compliance | No Comments

Last year, the Securities and Exchange Commission (SEC) proposed new rules to enhance and standardize cybersecurity risk management, strategy, governance, and incident reporting disclosure practices by public companies and other…

Is Your Company’s Cybersecurity Posture Mother-Approved?

| Cloud Computing, Company Culture, Connected Devices, Cyber Hygiene, Data Privacy, News, Risk Management, Security, Vulnerability Management | No Comments

As Mother’s Day approaches, we take time to reflect on all of the things mothers, and all caregivers, do to ensure the safety and security of their children. From the…

Compliance-Driven Pentesting: Driving Business Growth and Resilience Webinar

| Cloud Computing, Security, Security and Compliance, Vulnerability Management | No Comments

BARR Advisory recently teamed up with Cobalt and anecdotes to host a free webinar titled, “Compliance-Driven Pentesting: Driving Business Growth and Resilience.” In the webinar, we took a deep dive…

Contact Us for a Free Consultation

We’re here to help you! Speak with a BARR specialist about your security and compliance needs.