Cloud Security Alliance

MITRE ATT&CK for Cloud: A Practitioner's Guide to Detection Coverage

Explore MITRE ATT&CK for Cloud, the key cloud tactics and techniques, and how cloud detection and response (CDR) fits into ...
Cloud Security Alliance

Introducing the AI Security Maturity Model (AISMM)

Explore the AI Security Maturity Model (AISMM), a maturity model guiding secure enterprise AI adoption with cloud controls ...
Cloud Security Alliance

Toxic Combinations: The Five Powers Fueling the Agentic Threat Landscape

Explains how agentic AI accelerates risk to milliseconds, the five double-edged powers it requires, and how data-focused ...
Cloud Security Alliance

What an AI Lab’s Test Reveals About the Enterprise AI Challenge

Recent test results from an AI labopens in a new tab have renewed attention on a question that is becoming harder for ...
Cloud Security Alliance

Identity Spoofing vs. Identity Abuse

Explores identity spoofing vs identity abuse, clarifying how Zero Trust requires distinct controls and context-based access ...
Cloud Security Alliance

Deep Dive into the Software-Defined Perimeter (SDP) Guide v3

CSA's SDP v3 explores identity-first, Zero Trust connectivity across IT, OT, and IoT with AI-speed security. Learn more about ...
Cloud Security Alliance

State of SaaS Security Report 2025

Software-as-a-Service (SaaS) applications have become foundational to modern business operations. However, organizations are also facing a rising tide of security challenges, including visibility gaps ...
Cloud Security Alliance

Cloud Threat Modeling 2025

This threat modeling guidance aligns with frameworks such as the NIST Secure Software Development Framework and EU AI Act. Get detailed examples and visual tools, including step-by-step threat ...
Cloud Security Alliance

View Resource

The NSA has released the initial products in a series of Zero Trust Implementation Guidelines (ZIGs) to provide practical, actionable recommendations to facilitate the implementation of Zero Trust (ZT ...