Cloud Security Assurance Program in Korea (CSAP)

Overview

The Cloud Security Assurance Program (CSAP) enables Korean public sector customers to comply with Korean security standards and regulations stipulated by the Korean government. By obtaining this certification, AWS can now provide secure cloud services to domestic public sector organizations, enabling them to safely innovate on the AWS platform.

CSAP is a Korean government-backed certification administered by the Korea Internet and Security Agency (KISA) and affiliated with the Ministry of Science and ICT (MSIT) of Korea. CSAP is a security certification system that evaluates cloud computing services against established security standards, as mandated by Article 23-2 of the Act on the Development of Cloud Computing and User Protection. This certification ensures and enhances information protection standards for services provided by cloud service providers. CSAP was introduced in 2017 with two main purposes:

To provide national and public institutions with verified, safe, and reliable private cloud services.
To implement objective and fair security certification standards that address users' security concerns while enhancing cloud service competitiveness.

AWS services in scope for the CSAP certification can be found at AWS Services in Scope by Compliance Program. If you would like to learn more about using these services and/or have interest in other services please contact us.

FAQs

Open all

Which regions are covered by the AWS CSAP certification?

Asia Pacific (Seoul) Region and the AWS Edge Location located in Seoul, South Korea.

Which level of CSAP certification is obtained?

AWS obtained CSAP certification for Low tier, group C.

Who are CSAP assessors?

CSAP Assessors are KISA (Korea Internet and Security Agency) under Korean MSIT(Ministry of Science and ICT). KISA is also a certification body for CSAP.

How do I request the copy of CSAP certificate?

A copy of the AWS CSAP certificate is available to customers by using AWS Artifact, a self-service portal for on-demand access to AWS compliance reports. Sign in to AWS Artifact in the AWS Management Console, or learn more at Getting Started with AWS Artifact.

Can I use other AWS services that are not included in the CSAP assessment?

If you are public organizations subjected to CSAP requirement, you cannot use the service not listed in service in AWS Services in Scope by Compliance Program.

How often does the AWS CSAP certification audit take place?

AWS' CSAP certification is effective for a period of 5 years from the certification date (i.e., March 26, 2025), as long as AWS passes an annual surveillance audit.

How can I get a list of CSAP certified companies?

Korea Internet & Security Agency (KISA) provides a list of K-ISMS certified enterprises and organizations via its website.

How customer can get support regarding CSAP certification?

AWS will make available necessary information and procedures to support customers in implementing security for their functions to meet CSAP standard requirements for their compliance. Please contact your AWS AM(Account Manager) to get proper support.

Where can I find more information about the CSAP program?

For more information, see CSAP webpage on the KISA website.