CSA — Cloud Security Alliance

Sources: Cloud Security Alliance (homepage)

CSA (Cloud Security Alliance) is an industry-led, nonprofit organization producing best practices for cloud and AI security. In AI, CSA publishes the Agentic Trust Framework (ATF v1.0, Feb 2, 2026) and previously published MAESTRO (Feb 6, 2025), a seven-layer threat-modeling framework for agentic systems (L1 Foundation Models through L7 Agent Ecosystem). The structure of both is primary-source-verified in the 2026-Q2 standards review.

Q1 2026 Activity

  • CSA Agentic Trust Framework v1.0 (February 2, 2026) — Zero Trust governance for AI agents built on five core elements (Identity, Behavior, Data Governance, Segmentation, Incident Response), four maturity levels (Intern → Junior → Senior → Principal), and five promotion gates (Performance, Security Validation, Business Value, Incident Record, Governance Sign-off) that govern level advancement
  • CSAI Foundation (March 23, 2026) — new 501(c)(3) spun from CSA with six strategic programs:
    • AI Risk Observatory
    • “Valid-AI-ted” AI-driven audit engine
    • AI Controls Matrix expansion (adding ISO 42001, ISO 27001, and SOC 2 mappings)
    • Three additional programs

AI Controls Matrix

CSA’s AI Controls Matrix expansion is significant: by adding ISO 42001, ISO 27001, and SOC 2 mappings to AI-specific controls, it could provide the first unified compliance mapping across multiple standards — a gap identified in every prior analysis. This remains a roadmap item (not yet delivered as of April 2026).

CISO Community Output

See Also