EventJoin us at AWS re:Invent 2024! Learn how to use MongoDB for AI use cases. Learn more >>

Back to Trust CenterCSA STAR

The Cloud Security Alliance (CSA) is an organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA manages the Security, Trust, Assurance, and Risk (STAR) Registry.

MongoDB has achieved both CSA STAR Level 1, by submitting a Consensus Assessments Initiative Questionnaire (CAIQ) for MongoDB Atlas, and CSA STAR Level 2, via a third-party audit of Atlas’s security.

See the MongoDB Atlas listing in the STAR Registry for details.

FAQ

What is the Cloud Security Alliance?

The Cloud Security Alliance (CSA) is an organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.

What is CSA STAR?

The CSA Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the CSA’s Cloud Controls Matrix (CCM). Publishing to the registry allows organizations to show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks they adhere to.

What are the levels of CSA STAR?

There are two levels of CSA STAR. Level 1 is a self-assessment by organizations. CSA STAR Level 2 requires a third-party audit.

For CSA STAR Level 1, organizations can submit one or both of the security and privacy self-assessments. For the security assessment, cloud providers submit the Consensus Assessments Initiative Questionnaire (CAIQ), which is based on CSA’s Cloud Controls Matrix. The privacy assessment is based on the GDPR Code of Conduct.

For CSA STAR Level 2, companies undergo third-party audits. CSA STAR Level 2 builds off of other industry certifications. Variations include STAR Attestation for SOC 2, STAR Certification for ISO/IEC 27001:2013, and C-STAR for the Greater China Market.

What level of CSA STAR has MongoDB attained?

MongoDB has achieved both CSA STAR Level 1 and CSA STAR Level 2.

For CSA STAR Level 1, MongoDB maintains a Consensus Assessments Initiative Questionnaire (CAIQ) for MongoDB Atlas.

For CSA STAR Level 2, MongoDB received a STAR Certification after a third-party audit of MongoDB Atlas, based on ISO/IEC 27001:2013 together with the CSA Cloud Controls Matrix (CCM)

Note also that MongoDB has undergone independent 3rd party audits and certification for both SOC 2 Type II and ISO/IEC 27001:2013.

Where can I find a copy of MongoDB’s CSA STAR CAIQ and STAR Certification?

Both the Consensus Assessments Initiative Questionnaire (CAIQ) and the Level 2 STAR Certification can be downloaded from the MongoDB Atlas listing in the CSA STAR Registry.

How can I ask questions about MongoDB’s CSA STAR CAIQ?

Please contact us with any questions you have.

This page is for informational purposes only, and MongoDB does not intend the information or recommendations presented here to constitute legal advice. Each customer is responsible for independently evaluating its own particular use of MongoDB's services as appropriate to support its legal and compliance obligations.

View our other compliance offerings

GDPR →
EU-US Privacy Shield →
HIPAA →

Ready to get started?

Launch a new app or migrate to MongoDB Atlas with zero downtime
Start with 512MB FreeContact