VENDOR FAQs

What are the benefits for vendors in the CDSA App & Cloud Assessment Program?

The CDSA App & Cloud program provides a number of benefits to vendors, including:

  • Promote their high security/low risk to the industry and their customers
  • One assessment that should satisfy the majority of content owner requirements
  • Understanding of the risks and real-time threats against operations they have

Will content owners still be conducting their own assessments?

One of the primary objectives of the CDSA App & Cloud Assessment Program is to establish a clear and broad set of security elements that would satisfy all or the vast majority of content owner requirements…and why these content owners have been so involved in its creation.  Content owners would like to dramatically reduce the level of independent assessments they are doing, as would the partners being assessed…and get to a single assessment approach that satisfies most if not all of the key risk areas.

How does a vendor get their information published in the CDSA App & Cloud Assessment Program directory?

Once enrolled in the CDSA A&C Program, the vendor/app/cloud provider will have their company information, along with any authorized supporting assessment materials, published in the vendor roster.  In the future, CDSA A&C will also provide a top-level sense of risk on its Risk Dashboard.

Can I “fail” a CDSA App & Cloud assessment?

The CDSA A&C assessment does not provide a “pass/fail”, but rather a comprehensive determination against the CDSA A&C Security Framework.  The assessment will determine whether the Framework requirements are met or not, and whether any remediation work needs to be done to satisfy them.

Does the CDSA App & Cloud Assessment Program substitute for ISO or other standards bodies?

The CDSA A&C assessment and credential is designed to be the benchmark for the Media & Entertainment industry’s handling of content across all phases of the supply chain, including all of the application, cloud, and other infrastructure and tools that are a core part of creation and distribution. In developing our Security Framework, we leverage other standards such as ISO.  If you have completed an ISO or other standard industry audit, the CDSA A&C will accept those audits and focus on the specific areas not covered by those other assessments.

Who pays for the CDSA App & Cloud assessments?

Assessment fees are underwritten by the vendor, app developer, or cloud provider in order to determine their level of security risk mitigation against the CDSA A&C security framework. This single industry-wide assessment will provide a foundation for their M&E customers to understand their risk profile, their status in any remediation work, and configuration guidelines in how to implement and use their product or services securely.

How much does a CDSA A&C assessment cost?

The cost of an assessment is negotiated, on a case-by-case basis, between the CDSA A&C Qualified Assessor Company and the vendor/provider making the assessment request. The CDSA has no control of the pricing models of individual assessors and/or their firms but is open for feedback as to what would help make the program better, including any concerns with their Qualified Assessor Companies.

Who gets to see the CDSA App & Cloud Assessment Report?

The detailed Assessment Report will be made available to the party being assessed, the party paying for the assessment, and the Qualified Assessor.  Summarized views of assessment status and risk (but no details) will be available to content producers that are members of the CDSA App & Cloud Assessment Program,  as well as our internal quality assurance experts. No other vendors, competitors or otherwise, will be able to see your assessments or any information contained within. Additionally, as a supplier or tool partner and funded your assessment, you may share your detailed Assessment Report with anyone you wish.

How frequent are the CDSA A&C assessments?

Due to the dynamic nature of the security landscape and the ongoing development and refinement of security controls, CDSA A&C assessments renew annually.  We also have dynamic risk/threat data that can help us understand if there are new threats against an existing and assessed facility/app/cloud solution.

Who are the CDSA App & Cloud Qualified Assessors?

Qualified Assessors undergo a strict review and approval process as to their expertise in evaluating against the CDSA A&C Security Framework. Anyone needing a qualifying assessment will use the CDSA A&C online platform to fill out some initial information, chose an assessor, and engage on the assessment.

When does this all happen?

The CDSA App & Cloud Assessment Program initially launched on July 1st, 2021 and will be adding capabilities each quarter.  In addition, there is a beta program where new features are fine-tuned before formal production release.  If interested, click here to request an assessment.

Where can I find out more?

Contact CDSA for more information at [email protected]