Cloud Security Alliance

The Salesloft Drift OAuth Supply-Chain Attack: Cross-Industry Lessons in Third-Party Access Visibility

Salesloft breach shows how OAuth tokens abused by trusted apps enable data exposure, underscoring the need for Zero Trust and ...
Cloud Security Alliance

Introducing the SaaS Security Capability Framework (SSCF) v1.0: Raising the Bar for SaaS Security

The SaaS Security Capability Framework (SSCF) v1.0 introduces practical, actionable controls for SaaS security, guiding ...
Cloud Security Alliance

Announcing the AI Controls Matrix and ISO/IEC 42001 Mapping — and the Roadmap to STAR for AI 42001

Written by Jim Reavis, Co-founder and Chief Executive Officer, CSA. Today, CSA is releasing the official mapping of the AI Controls Matrix (AICM v1.0) to ISO/IEC 42001:2023—with companion references ...
Cloud Security Alliance

Securing the Agentic AI Control Plane: Announcing the MCP Security Resource Center

Introducing CSA’s MCP Security Resource Center — the first open industry hub for securing the Model Context Protocol and the broader agentic AI control plane. The Model Context Protocol (MCP) gives us ...
Cloud Security Alliance

Terms and Conditions

Welcome to https://cloudsecurityalliance.org (“Site”). The Site is owned and operated by the Cloud Security Alliance (“CSA”). You may download, view, use ...