Cloud Controls Matrix (CCM) Now Mapped to OpenCRE, Cloud Security Alliance Announces

Mapping serves to strengthen security landscape by cross-linking CCM to multiple other standards in one repository

SEATTLE – Sept. 28, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced that its Cloud Controls Matrix v4 (CCM), the leading cybersecurity control framework for cloud computing, has been integrated into Open Worldwide Application Security Project (OWASP)’s OpenCRE, an interactive content linking platform for uniting security standards and guidelines into a single overview.

“The mapping of CCM v4 into the OpenCRE marks an important step toward strengthening the overall cybersecurity landscape,” said Eleftherios Skoutaris, CCM Program Manager, Cloud Security Alliance. “Now, any security practitioner utilizing CCM will easily be able to find mapping information for any other standard supported by OpenCRE.”

OpenCRE.org provides an integrated overview of cybersecurity topics with cross-links across multiple standards, including ISO/IEC 27001, the OWASP Top 10, Application Security Verification Standard (ASVS), OWASP Proactive Controls, OWASP Testing Guide, OWASP Cheat Sheets, Common Weakness Enumeration (CWE), Common Attack Pattern Enumeration and Classification (CAPEC), National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, NIST SP 800-63b, SSDF, and more. Google account holders are also able to ask security questions through OpenCRE-Chat.

"Our goal at OpenCRE is to provide security professionals with complete visibility into current security regulations and standards," said Spyros Gasteratos, one of the founders of OpenCRE. “With this mapping, security professionals now have an even more robust and up-to-date catalog of security advice and best practices at their fingertips.”

OpenCRE links each section of a resource, such as a standard or guideline, to a shared topic, known as a Common Requirement, and in turn links that section with all other resources on the same topic. This 1) enables users to find all combined information from relevant sources, 2) facilitates a shared and better understanding of cyber security, and 3) allows standard makers to have links that keep working and offer all the information that readers require, alleviating their need to cover everything themselves.

The CCM is composed of 197 control objectives that are structured in 17 domains, covering all key aspects of cloud technology. It can be used as a tool for the systematic assessment of a cloud implementation and provides guidance on which security controls should be implemented by which actor within the cloud supply chain. The control framework is aligned to the CSA Security Guidance for Cloud Computing and is the de facto standard for cloud security assurance and compliance.

Learn more about this mapping.

About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

Media Contacts
Kristina Rundquist
ZAG Communications for CSA
[email protected]