Authority: BSI
DESC CSP Security Standard

Cloud that government can trust

The CSP Security Standard sets the security baseline for cloud service providers that host Dubai government and semi-government workloads — covering how they protect identity, data, operations and continuity.

At a glance

AudienceCloud service providers
Formal authorityBSI
Validity3 years
SurveillanceAnnual check-in
Continuous assuranceIncluded

Who must hold it

Any cloud service provider contracting with a Dubai government or semi-government entity to host, process or store its data is expected to hold CSP certification for the services in scope. This includes IaaS, PaaS and SaaS offerings where government information is handled.

What the standard covers

A plain-language view of the control domains an applicant is assessed against.

The certification path

BSI conducts the accredited audit that underpins the certificate; DESC makes the final certification decision. Once certified, the continuous-assurance layer keeps the picture current between the annual surveillance points.

The role of BSI

BSI is the accredited audit authority for the CSP Standard. Its assessment is the rigorous, formal basis on which certification rests. The platform does not replace that audit — it extends its reach across the three years in between, so a point-in-time result stays trustworthy as systems evolve.