# CSA STAR

Cloud Security Alliance Certification

## Cloud Security Transparency

The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) program provides a framework for cloud providers to publish their security controls and undergo independent assessment. It is widely recognized by enterprise procurement teams as a signal of cloud security maturity.

Sistava is committed to participating in the CSA STAR program to give our customers full transparency into our cloud security posture.

## Our Cloud Security Practices

We deploy on hardened Kubernetes clusters with network policies, pod security standards, and automated vulnerability scanning. Our container images are built from minimal base images and scanned for known vulnerabilities before deployment.

Infrastructure is managed as code with automated provisioning, ensuring consistency and auditability. Secrets are encrypted and managed through dedicated secret management tooling, never stored in source code.

## Certification Plans

We plan to complete the CSA STAR Self-Assessment as our first step, followed by third-party assessment as we grow. This page will be updated with our STAR registry listing when available.

## What this means for customers

- Hardened Kubernetes infrastructure with automated security scanning
- Infrastructure as code for consistency and auditability
- Secure secret management with no credentials in source code
- CSA STAR assessment planned for cloud security transparency