What is required for Level One of the CSA STAR framework?


Level One of the CSA STAR (Security, Trust, Assurance, and Risk) framework focuses on self-assessment and transparency of a cloud service provider’s (CSP's) security posture. In this phase, the requirement is to release and make available due diligence assessments. This involves documenting and publishing the security controls and practices that a cloud service provider has in place, enabling customers and stakeholders to understand the security landscape and trust the provider accordingly.

By providing these due diligence assessments, CSPs can communicate their security capabilities and commitment to transparency, which is essential for building trust among customers and partners. This self-assessment is a critical first step in demonstrating a CSP’s adherence to security standards and helps lay the foundation for more advanced levels of assurance in the framework. The focus is on establishing a baseline for transparency that users can rely on when selecting or using a cloud service.

The other options refer to more advanced levels of assessment or compliance, which are not prerequisites for Level One. Independent third-party assessment results and results from continuous monitoring are typically involved in higher levels of the CSA STAR framework, which require a deeper and more rigorous evaluation of security practices. Similarly, compliance documentation like ISO 27001:2013 is associated with established certification standards and does not fall
