The Cloud Security Alliance (CSA) is an organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA manages the Security, Trust, Assurance, and Risk (STAR) Registry.
MongoDB has achieved both CSA STAR Level 1, by submitting a Consensus Assessments Initiative Questionnaire (CAIQ) for MongoDB Atlas, and CSA STAR Level 2, via a third-party audit of Atlas’s security. See the MongoDB Atlas listing in the STAR Registry for details.
There are two levels of CSA STAR. Level 1 is a self-assessment by organizations. CSA STAR Level 2 requires a third-party audit.
For CSA STAR Level 1, organizations can submit one or both of the security and privacy self-assessments. For the security assessment, cloud providers submit the Consensus Assessments Initiative Questionnaire (CAIQ), which is based on CSA’s Cloud Controls Matrix. The privacy assessment is based on the GDPR Code of Conduct.
For CSA STAR Level 2, companies undergo third-party audits. CSA STAR Level 2 builds off of other industry certifications. Variations include STAR Attestation for SOC 2, STAR Certification for ISO/IEC 27001:2013, and C-STAR for the Greater China Market.
MongoDB has achieved both CSA STAR Level 1 and CSA STAR Level 2.
For CSA STAR Level 1, MongoDB maintains a Consensus Assessments Initiative Questionnaire (CAIQ) for MongoDB Atlas.
For CSA STAR Level 2, MongoDB received a STAR Certification after a third-party audit of MongoDB Atlas, based on ISO/IEC 27001:2013 together with the CSA Cloud Controls Matrix (CCM)
Note also that MongoDB has undergone independent 3rd party audits and certification for both SOC 2 Type II and ISO/IEC 27001:2013.
This page is for informational purposes only, and MongoDB does not intend the information or recommendations presented here to constitute legal advice. Each customer is responsible for independently evaluating its own particular use of MongoDB's services as appropriate to support its legal and compliance obligations.
Launch a new app or migrate to MongoDB Atlas with zero downtime