The Cloud Safe Task Force (CSTF) – comprised of four nonprofits: MITRE, the Cloud Security Alliance (CSA), the Advanced Technology Academic Research Center (ATARC), and the IT Acquisition Advisory Council (IT-AAC) – held its fourth meeting on Wednesday to discuss how to achieve greater authorization-to-operate (ATO) reciprocity in cloud security practices.
Task force members explained during a Nov. 13 ATARC event that among current security control frameworks in the cloud service industry, reciprocity does not exist.
This means that cloud service providers (CSPs) may have a single control that has to “be assessed and reassessed up to 12 or more times because of the multiple frameworks that they have to assess to,” according to Mari Spina, a senior principal cybersecurity engineer at MITRE.
Read the rest of the story at MeriTalk.