Skip to main content
Image coming soon

CSA STAR Cloud Security Assurance Evidence & Implementation Kit

$249.00
Adding to cart… The item has been added
CSA STAR · Cloud Controls Matrix & CAIQ · Evidence & Implementation Kit
Earn CSA STAR assurance, without turning the Cloud Controls Matrix into evidence yourself.
Every STAR expectation handed to you as an adopt-ready control, from the CAIQ and assurance levels through the Cloud Controls Matrix domains, with the shared responsibility model and the evidence a STAR assessor examines.
STAR-ready in a weekend, not a quarter.

Here is the honest situation. CSA STAR is how cloud providers demonstrate security assurance, from a CAIQ self-assessment on the public STAR Registry, to third-party STAR Certification against ISO 27001 or STAR Attestation against SOC 2, to continuous auditing. It runs on the Cloud Controls Matrix, seventeen domains from governance and IAM to cryptography, application security, resilience and supply chain, all under a shared responsibility model. Building those controls and evidencing every CAIQ answer is real work, and a provider whose CAIQ says yes but cannot show the evidence is exactly where cloud providers fall short.

This Kit removes that build. It is every STAR and Cloud Controls Matrix expectation written as an adopt-ready control you personalize in a weekend, with the evidence a STAR assessor examines.

What you get, the moment you buy

36
Expectations as adopt-ready controls. Every STAR expectation, from the CAIQ and assurance levels through the Cloud Controls Matrix domains of governance, IAM, cryptography, application, data, resilience and supply chain, written so you personalize and apply it.
36
Evidence-they-examine checklists. For each control, exactly what a STAR assessor examines, plus where cloud providers fall short, so you close the gap first.
1
Cloud Controls Matrix, pre-built. Every control in a working spreadsheet, ready to record status, ownership under shared responsibility and evidence location.
1
Gap & Readiness Assessment. Score each control and the workbook returns your readiness as a single percentage, and exactly what to fix next.

Grounded in the CSA STAR program and the Cloud Controls Matrix, with the CAIQ, the three assurance levels (self-assessment, certification/attestation, continuous auditing), the CCM domains and the shared responsibility model called out. Editable Word and Excel files.

A CAIQ answer is only as good as its evidence
STAR self-assessment runs on the CAIQ, and a yes you cannot evidence is worse than a no when an assessor or a customer checks. STAR Certification and Attestation raise that bar further. This Kit builds each Cloud Controls Matrix control with the evidence behind the CAIQ answer, so your STAR entry stands up to scrutiny.

What one control looks like

This is the STAR program, the CAIQ and the assurance levels, where STAR begins. All 36 are built to this depth.

STAR-1 Complete and publish the CAIQ self-assessment STAR PROGRAM
Implement this control

Complete every question in the Consensus Assessments Initiative Questionnaire for [your cloud service name], marking each answer as yes, no, or not applicable with a supporting note, and ensure that no control response is left blank or overstated before you submit the workbook to the STAR Registry for public listing.

Practitioner note.

Treat each yes as a claim an assessor can and will ask you to prove.

Evidence a STAR assessor examines
  • Completed CAIQ workbook aligned to CCM v4
  • Registry submission confirmation for the service
  • Internal review sign-off on each answer
  • Mapping of answers to underlying control documents
Common finding they raise: Providers mark controls as implemented without holding the evidence that would substantiate the answer.

Why this is not another template pack

  • The evidence is the point. A control you cannot evidence fails an assessment and a customer's due diligence. This tells you what a STAR assessor examines and where providers fall short, for every control.
  • The CCM domains and shared responsibility built in. The Cloud Controls Matrix domains and the shared responsibility model are written into the controls, so ownership between provider and customer is explicit.
  • Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
  • It compounds. The CCM maps to ISO 27001, SOC 2 and other frameworks, so this work feeds your wider certification program.

Who buys this

Cloud service providers pursuing STAR, and the customers and security, compliance and cloud leads who own it. Whether it is a first CAIQ self-assessment or a push to certification, you save weeks and walk in with the CCM controls and evidence structured.

By the end of the weekend you will have
✓  An adopt-ready control for all 36 CCM expectations
✓  A completed Cloud Controls Matrix
✓  The evidence a STAR assessor examines
✓  Your CAIQ answers backed by evidence
✓  A readiness percentage and a fix list
✓  The shared-responsibility gaps closed

Common questions

Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.

What are the STAR levels? Level 1 self-assessment via CAIQ, Level 2 third-party certification or attestation, and continuous auditing. The kit supports all three.

Is it based on the Cloud Controls Matrix? Yes. The controls are grounded in the CCM domains and the CAIQ, with the shared responsibility model throughout.

Does it help toward ISO 27001 or SOC 2? Yes. STAR Certification builds on ISO 27001 and STAR Attestation on SOC 2, and the CCM maps across, so the work is reusable.

What if it is not for me? A 30-day money-back guarantee.

Do not publish a CAIQ you cannot back with evidence.
Every STAR expectation is fast to adopt with the Kit. It is instant, and it is guaranteed.
Add it to your cart and be STAR-ready this weekend.

Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com