Cloud Security Alliance Releases Minor Update to CCM v3.0.1
Published 11/12/2018
(Note: This blog refers to an old version of the CCM. Find the latest version here.)
By the CSA Research Team
The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Working Group has released a minor update for the CCM v3.0.1. This update incorporates mappings to IEC 62443-3-3 and BSI Compliance Controls Catalogue (C5).
The CCM is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the Cloud Security Alliance Controls Matrix rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP and will augment or provide internal control direction for service organization control reports attestations provided by cloud providers.
As a framework, the CSA CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to the cloud industry. It strengthens existing information security control environments by emphasizing business information security control requirements, reduces and identifies consistent security threats and vulnerabilities in the cloud, provides standardized security and operational risk management, and seeks to normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud.
The CSA CCM Working Group would like to thank the following individuals for their contributions to this minor update:
Siemens
- Claus Matzke
- Kristian Beckers
CCM Working Group
- Noel Haskins-Hafer
- Kris Seeburn
- Amita Radhakrishnan
- Angela Dogan
- Dibya Ranjan Nath
- Hardeep Mehrotara
- Jevon Wooden
- Keith Stocks
- Leena Singal
- Loredana Mancini
- Manjunath A.T.
- Michael Roza
- Reid Leake
- Subrata Baguli
- Umar Khan
- Vamsi Kaipa
If you are interested in participating in future CCM Working Group activities, please feel free to sign up for the working group.
Unlock Cloud Security Insights
Subscribe to our newsletter for the latest expert trends and updates
Related Articles:
The Role of CSA STAR in Vendor Security Assessments
Published: 07/13/2026
Validating LLM-Generated Control Mappings Beyond Aggregate Accuracy
Published: 07/02/2026
Introducing the AI Security Maturity Model (AISMM)
Published: 05/20/2026
.png)

.png)



