Cloud Security Assurance Program in Korea (CSAP)

Overview

The Cloud Security Assurance Program (CSAP) enables Korean public sector customers to comply with Korean security standards and regulations stipulated by the Korean government. By obtaining this certification, AWS can now provide secure cloud services to domestic public sector organizations, enabling them to safely innovate on the AWS platform.

CSAP is a Korean government-backed certification administered by the Korea Internet and Security Agency (KISA) and affiliated with the Ministry of Science and ICT (MSIT) of Korea. CSAP is a security certification system that evaluates cloud computing services against established security standards, as mandated by Article 23-2 of the Act on the Development of Cloud Computing and User Protection. This certification ensures and enhances information protection standards for services provided by cloud service providers. CSAP was introduced in 2017 with two main purposes:

  1. To provide national and public institutions with verified, safe, and reliable private cloud services.
  2. To implement objective and fair security certification standards that address users' security concerns while enhancing cloud service competitiveness.

AWS services in scope for the CSAP certification can be found at AWS Services in Scope by Compliance Program. If you would like to learn more about using these services and/or have interest in other services please contact us.

CSAP logo

Page topics

FAQs

FAQs

Open all

Asia Pacific (Seoul) Region and the AWS Edge Location located in Seoul, South Korea.

AWS obtained CSAP certification for Low tier, group C.

CSAP Assessors are KISA (Korea Internet and Security Agency) under Korean MSIT(Ministry of Science and ICT). KISA is also a certification body for CSAP.

A copy of the AWS CSAP certificate is available to customers by using AWS Artifact, a self-service portal for on-demand access to AWS compliance reports. Sign in to AWS Artifact in the AWS Management Console, or learn more at Getting Started with AWS Artifact.

If you are public organizations subjected to CSAP requirement, you cannot use the service not listed in service in AWS Services in Scope by Compliance Program.

AWS' CSAP certification is effective for a period of 5 years from the certification date (i.e., March 26, 2025), as long as AWS passes an annual surveillance audit.

Korea Internet & Security Agency (KISA) provides a list of K-ISMS certified enterprises and organizations via its website.

AWS will make available necessary information and procedures to support customers in implementing security for their functions to meet CSAP standard requirements for their compliance. Please contact your AWS AM(Account Manager) to get proper support.

For more information, see CSAP webpage on the KISA website.