Cloud Component Specifications​
  • Subject matter experts are also welcomed to join the Cloud Component Specifications WG by submitting your request HERE.
  • Read more about Cloud Component Specifications on our CSA Global page HERE.
  • Read more about 'Cloud Operating System (OS) Security Specification' Report HERE.

From a user perspective, Cloud is a service. However, for Cloud Service Providers (CSPs), integrators and channel partners who construct or build the Cloud, the Cloud architecture is comprised of many Cloud computing components. Examples of these components are hypervisors, Cloud operating systems (CloudOS) components such as “Swift”, “Glance” for OpenStack, virtual desktop infrastructure (VDI) platforms, cloud dedicated firewalls and so on.
How can we evaluate the security of these Cloud components? Currently, most of the security standards related to Cloud Computing focus on the information security management system (ISMS). However, these standards are insufficient to evaluate cloud component security because they focus on management security rather than the technical security requirements of the components. In order to address this gap, we propose to develop internationally recognized technical security specifications for cloud components.

Scope
  • ​This WG focuses on the creation of best practices for technical specifications for Cloud components 
  • Cloud components are items in the Cloud architecture which are mostly used in implementing cloud computing solutions.
  • ISMS is out of scope of this WG.

Goals
​​The objectives of this WG include:
  • Development of technical security specifications; such as, but not limited to, technical specifications for Cloud components such as CloudOS and VDI.
  • Development of a general Cloud component technical security framework for implementation of a secure Cloud.
  • Creation of a technical security certification based on, the Cloud component technical security framework and CSA STAR.

Artifacts

Cloud OS Security Specification

​This document builds on the foundation provided by ISO/IEC 17788, ISO/IEC 19941, ISO/IEC 27000, NIST SP 500-299, and NIST SP 800-144 in the context of cloud computing security.
Release Date: 05/07/2019

Download here