You can eliminate redundant testing if you can provide the assessor with valid certifications or independently audited framework compliance artifacts.
Just upload your certification as evidence for the Tier 2 CASA specialist to validate and accelerate your validation process. Here is the list of accepted certifications and frameworks:
| Accepted Frameworks | Description | Want to use it to accelerate CASA? | Example Upload |
|---|---|---|---|
| SOC 2 | The purpose of the SOC 2 report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy. | Upload one of the following: | |
| NIST 800-53 rev4, NIST 800-53 rev5 | A set of security standards that provides a catalog of security and privacy controls for all U.S. federal information systems except those related to national security. | Upload one of the following: | |
| ISO 27002 v2022 | Requirements and guidelines that address public cloud PIMS and PII management requirements for both processors and controllers. | Independent assessment report | |
| NIST 800-171A | NIST 800-171A is a framework designed to safeguard CUI on the networks of third-party government contractors and subcontractors. | Upload one of the following: | |
| NIST 800-172 | NIST 800-172 is a supplement to NIST Special Publication 800-171. | Upload one of the following: | - |
| ISO 27701 v2019 | A global privacy standard that focuses on the collection and processing of personally identifiable information (PII). This standard was developed to help organizations comply with international privacy frameworks and laws. | Upload one of the following: | |
| FedRAMP | The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. | Upload one of the following: | |
| CIS CSC v8 | A set of best-practice cybersecurity standards that provides the baseline configurations to ensure compliance with industry-agreed cybersecurity standards. | Upload one of the following: | |
| IEC 62443-4-2 | A set of security standards for the secure development of Industrial Automation and Control Systems (IACS). | ISASecure Certification | |
| COBIT 2019 | Control Objectives for Information and Related Technology (COBIT) is a framework for the governance and management of enterprise information and technology, aimed at the whole enterprise. | COBIT 2019 self-assessment report based on CMMI | - |