The Cloud Security Alliance (CSA) announced that CloudAudit has become an official project of the CSA, with the joint mission of promoting the use of best practices for providing security assurance within cloud computing. CloudAudit will enable automation and integration of CSA research into technology solutions.


CloudAudit is a volunteer cross-industry effort from minds in cloud, networking, security, audit, assurance and architecture backgrounds. CloudAudit’s charter is to provide a common interface that allows cloud providers to automate the Audit, Assertion, Assessment, and Assurance (A6) of their environments and allow authorized consumers of their services to do likewise via an open, extensible and secure set of interfaces.

“We are excited to welcome CloudAudit to the Cloud Security Alliance, and believe that through our joint collaboration, cloud providers will be able to deliver greater transparency and security in their offerings,” said Jim Reavis, founder of the Cloud Security Alliance.

“Beyond our mutual goal of helping providers better secure the cloud, we have several projects that are very well aligned with CloudAudit. These include the recently announced CSA Controls Matrix, which provides fundamental security principles to guide cloud vendors and potential customers in assessing overall security risk of cloud providers, and the Consensus Assessment Initiative, which was launched to provide research and tools to enable cloud computing assessments" he added.

“CloudAudit and the CSA have been well aligned since our conception,” said Christofer Hoff, founder of CloudAudit. “Much of CloudAudit’s work is derived from CSA guidance. For example, CloudAudit’s namespaces & CompliancePacks are all derived from the CSA’s Cloud Control Matrix. By becoming a part of the CSA, we look forward to greater exposure and resources to further drive our mission of enabling an automated risk assessment and audit of cloud-based environments.”