Cloud Security Alliance

AI Agent Identity Is Being Solved Backwards - And the Window to Fix It Is Now

Why static IAM falls short for AI agents, and how runtime-scoped, ephemeral credentials reduce risk and misconfigurations.
Cloud Security Alliance

Runtime Is Where Cloud Security Really Counts: The Importance of Detection, Forensics and Real-Time Architecture Awareness

Why runtime is the key to cloud security: real-time detection, forensics, and continuous monitoring beyond posture-only CNAPP ...
Cloud Security Alliance

8 Dangerous Truths About Excessive Privileges in Cloud and SaaS Platforms

Explains why excessive cloud and SaaS privileges are risky, from credential exposure to privilege creep, and highlights ...
Cloud Security Alliance

SAGE: The Format STIX, OSCAL, and SARIF Don't Cover

Learn how SAGE (Security Analysis and Guidance Exchange) closes the narrative gap in cybersecurity by enabling ...
Cloud Security Alliance

CCSK Plus

The CCSK Plus builds on the foundation class with expanded material and offers extensive hands-on activities that reinforce classroom instruction. Students engage in a scenario of bringing a fictional ...
Cloud Security Alliance

CCM v4.0 - FedRAMP Mapping (Interim Publication)

This document contains a control mapping between the CSA CCM v4.0 and the Federal Risk and Authorization Management Program (FedRAMP). The mapping serves to align CCM with FedRAMP Low, Moderate and ...
Cloud Security Alliance

CCSK v5 Contributors

We are grateful for the individuals whose dedication and expertise have been crucial in the development of the CCSK v5. Each of these contributors volunteered their time and resources, playing a vital ...