CSA — Cloud Security Alliance
Sources: Cloud Security Alliance (homepage)
CSA (Cloud Security Alliance) is an industry-led, nonprofit organization producing best practices for cloud and AI security. In AI, CSA publishes the Agentic Trust Framework (ATF v1.0, Feb 2, 2026) and previously published MAESTRO (Feb 6, 2025), a seven-layer threat-modeling framework for agentic systems (L1 Foundation Models through L7 Agent Ecosystem). The structure of both is primary-source-verified in the 2026-Q2 standards review.
Q1 2026 Activity
- CSA Agentic Trust Framework v1.0 (February 2, 2026) — Zero Trust governance for AI agents built on five core elements (Identity, Behavior, Data Governance, Segmentation, Incident Response), four maturity levels (Intern → Junior → Senior → Principal), and five promotion gates (Performance, Security Validation, Business Value, Incident Record, Governance Sign-off) that govern level advancement
- CSAI Foundation (March 23, 2026) — new 501(c)(3) spun from CSA with six strategic programs:
- AI Risk Observatory
- “Valid-AI-ted” AI-driven audit engine
- AI Controls Matrix expansion (adding ISO 42001, ISO 27001, and SOC 2 mappings)
- Three additional programs
AI Controls Matrix
CSA’s AI Controls Matrix expansion is significant: by adding ISO 42001, ISO 27001, and SOC 2 mappings to AI-specific controls, it could provide the first unified compliance mapping across multiple standards — a gap identified in every prior analysis. This remains a roadmap item (not yet delivered as of April 2026).
CISO Community Output
- *The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program* (v1.0, 2026-04-12) — co-published with SANS Institute, Unprompted, and OWASP Gen AI Security Project. Lead author Gadi Evron (CSA CISO-in-Residence for AI) with Rich Mogull (CSA Chief Analyst) and Robert T. Lee (SANS Chief AI Officer); 17 contributing authors and 75+ named reviewers. Operational instrument filed as Mythos-ready Security Program (Playbook); concept anchors filed at VulnOps, Zero Day Clock, Cyber Poverty Line, Citizen Coders. Contact:
cisos@cloudsecurityalliance.org.
See Also
- CSA Agentic Trust Framework — the primary framework page
- Gadi Evron — CSA CISO-in-Residence for AI