Back to Frameworks

South Korea Cloud Security Assurance Program (CSAP)

South Korea
v2016 (revised 2023)
4 domains
4 controls

The South Korea Cloud Security Assurance Program (CSAP), operated by the Korea Internet & Security Agency (KISA) under the Cloud Computing Act, is a mandatory certification for cloud service providers serving government agencies and public institutions. It evaluates cloud services against security requirements across 14 control areas. Three certification levels: standard, enhanced, and SaaS simplified. Annual renewal required.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (4)

Audit

1 controls
Controls in the Audit domain of South Korea Cloud Security Assurance Program (CSAP)1 controls
CodeTitle
KRCSAP-4Audit, Recertification, KISA Cooperation

Certification

1 controls
Controls in the Certification domain of South Korea Cloud Security Assurance Program (CSAP)1 controls
CodeTitle
KRCSAP-1CSAP Certification Tiers (IaaS, SaaS, DaaS, AI)

Cloud Security

1 controls
Controls in the Cloud Security domain of South Korea Cloud Security Assurance Program (CSAP)1 controls
CodeTitle
KRCSAP-2Cloud Security Controls

Data Sovereignty

1 controls
Controls in the Data Sovereignty domain of South Korea Cloud Security Assurance Program (CSAP)1 controls
CodeTitle
KRCSAP-3Data Sovereignty, Domestic Storage

Your Compliance Coverage

If you comply with South Korea Cloud Security Assurance Program (CSAP), you already cover:

Maps to 31 other frameworks

4 total controls
HKMA SPM
1 source controls mapped|1 target controls covered
25%
ASIS SPC.1-2009 - Organizational Resilience Standard
1 source controls mapped|3 target controls covered
25%
ISO/IEC 27007:2020
1 source controls mapped|1 target controls covered
25%
BS 65000:2014 - Guidance on Organizational Resilience
1 source controls mapped|1 target controls covered
25%
ASD Strategies to Mitigate Cyber Security Incidents
1 source controls mapped|1 target controls covered
25%
ISO/IEC 38500:2024 - Governance of IT
1 source controls mapped|1 target controls covered
25%
IEC 62351 - Power Systems Communication Security
1 source controls mapped|2 target controls covered
25%
ISO/IEC 27031:2011
1 source controls mapped|2 target controls covered
25%
FFIEC Cybersecurity Assessment Tool (CAT)
1 source controls mapped|1 target controls covered
25%
FTC GLBA Safeguards Rule (16 CFR Part 314)
1 source controls mapped|1 target controls covered
25%
GLBA
1 source controls mapped|1 target controls covered
25%
HKMA Cyber Resilience Assessment Framework (C-RAF)
1 source controls mapped|1 target controls covered
25%
NIST Privacy Framework
1 source controls mapped|2 target controls covered
25%
SASB Standards
1 source controls mapped|1 target controls covered
25%
Protective Security Policy Framework (PSPF) Release 2024
1 source controls mapped|1 target controls covered
25%
PSD2 SCA
1 source controls mapped|1 target controls covered
25%
OSFI B-13
1 source controls mapped|2 target controls covered
25%
Open Banking Security
1 source controls mapped|2 target controls covered
25%
OECD AI Principles
1 source controls mapped|1 target controls covered
25%
O-RAN WG11 Security Specification
1 source controls mapped|1 target controls covered
25%
25%
Nevada Gaming Control Board Cybersecurity Requirements
1 source controls mapped|1 target controls covered
25%
MTCS (Singapore)
1 source controls mapped|1 target controls covered
25%
Monetary Authority of Singapore Technology Risk Management Guidelines
1 source controls mapped|2 target controls covered
25%
Japan AI Guidelines
1 source controls mapped|1 target controls covered
25%
ITU-T X.805 - Security Architecture for End-to-End Communications
1 source controls mapped|1 target controls covered
25%
IRM Enterprise Risk Management Framework (Institute of Risk Management)
1 source controls mapped|1 target controls covered
25%
India CERT-In Cyber Security Directions 2022
1 source controls mapped|1 target controls covered
25%
IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2)
1 source controls mapped|1 target controls covered
25%
IEEE 7000
1 source controls mapped|1 target controls covered
25%

Frequently Asked Questions

What is South Korea Cloud Security Assurance Program (CSAP)?

South Korea Cloud Security Assurance Program (CSAP) is a compliance framework from South Korea with 4 domains and 4 controls. The South Korea Cloud Security Assurance Program (CSAP), operated by the Korea Internet & Security Agency (KISA) under the Cloud Computing Act, is a mandatory certification for cloud service providers serving government agencies and public institutions. It evaluates cloud services against security requirements across 14 control areas. Three certification levels: standard, enhanced, and SaaS simplified. Annual renewal required. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does South Korea Cloud Security Assurance Program (CSAP) have?

South Korea Cloud Security Assurance Program (CSAP) has 4 controls organised across 4 domains. The largest domains are Audit (1 controls), Certification (1 controls), Cloud Security (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does South Korea Cloud Security Assurance Program (CSAP) map to?

South Korea Cloud Security Assurance Program (CSAP) maps to 31 other compliance frameworks. The top mapping partners are HKMA SPM (25% coverage), ASIS SPC.1-2009 - Organizational Resilience Standard (25% coverage), ISO/IEC 27007:2020 (25% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with South Korea Cloud Security Assurance Program (CSAP) compliance?

Start your South Korea Cloud Security Assurance Program (CSAP) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about South Korea Cloud Security Assurance Program (CSAP) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 4 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.

Get Started Free →

Free forever — no credit card required