CISO: Cloud Security Alliance offers a variety of self and auditor attested frameworks specifically designed for cloud service providers. There is little consensus in the industry in terms of expected (and perhaps mandatory) minimums. The challenge is the sheer number and variety of standards, he says. Premium and mature IaaS and SaaS providers appear to be adopting the following certifications and attestations: SOC 1, 2 or 3; HIPAA/HITRUST/DSS/CSA STAR/HIPAA/DSRUST.”]