Preparing for STAR Attestation in AI

Grayson Taylor

Sr. Director, Global Assurance

October 2, 2025

The Cloud Security Alliance (CSA) is expanding its STAR program to tackle an exciting new frontier: artificial intelligence! This timely move reflects the surging demand for trusted, standardized assurance frameworks that measure the security, compliance, and governance of AI services. For Certified Public Accountants (CPAs) and firms conducting assurance engagements, this means gearing up to deliver CSA STAR Attestation for AI. We at Coalfire are thrilled to be actively positioning ourselves to support this next phase of assurance.

The CSA STAR framework for AI builds on the solid foundation of the Cloud Controls Matrix (CCM), one of the most widely recognized control sets for cloud security. By extending this matrix into AI, CSA is creating an authoritative source for evaluating how organizations manage AI-related risks, including transparency, fairness, accountability, privacy, and resilience. Just as the CCM has guided cloud assurance, STAR for AI offers a structured approach for AI systems.

What makes STAR Attestation for AI especially valuable is how it supplements SOC 2 reporting. By design, STAR builds on the Trust Services Criteria of SOC 2 but adds AI-specific criteria, giving stakeholders deeper assurance on how AI systems are governed and controlled. Rather than replacing SOC 2, STAR enhances it by expanding the scope of assurance beyond traditional IT and cloud controls into emerging AI risk areas.

For us at Coalfire, this represents an exciting opportunity to broaden our expertise in SOC reporting while guiding organizations through the next evolution of assurance. Our deep experience with CCM (attestation and certification) assessments and SOC 2 audits positions us perfectly to help companies map their existing controls, identify any gaps, and document compliance against STAR for AI requirements. We can assist every step of the way—from initial readiness assessments and control implementation guidance to full attestation audits—ensuring a smooth path to achieving STAR for AI attestation and building greater trust in your AI deployments.

Preparing for STAR Attestation in AI isn't just about compliance; it's about empowering organizations to innovate responsibly with confidence, while providing auditors with the tools to validate those assurances. We at Coalfire are committed and eager to help enterprises navigate this transition, ensuring that AI assurance is built on the same rigor and credibility that cloud and SOC reporting have already achieved through STAR!