A while back we announced that we were contracted by the Cloud Security Alliance to write the next version of the CSA Guidance. This is actually a community project, not us off writing by ourselves in a corner. The plan is to:

  1. Collect feedback on version 3.0 (complete).
  2. Post outlines for the updated domains and collect public feedback.
  3. Post first drafts for the updated domains and collect more feedback.
  4. Post near-final drafts for the last feedback, then complete the final versions.

I’m happy to say the content is now going up on the project site at GitHub. The first draft of the architecture section is up, as is the outline for Domain 5 (data governance). Things will start moving along more quickly from here.

The best way to use GitHub at this point is to submit Issues rather than Pull Requests. Issues we can use like comments. Pull requests are actual edits we would need to merge, and they will be difficult to handle at scale, especially if we don’t get consensus on a suggested change.

I will periodically update things here on the blog, but you can watch all the real-time editing and content creation on GitHub.