Download Publication
CCM v3.0.1 Addendum - FedRAMP Moderate
Release Date: 08/03/2019
Working Group: Cloud Controls Matrix
The document aims to help FedRAMP compliant organizations meet CCM requirements. This is achieved by identifying compliance gaps in FedRAMP in
relation to the CCM. This document contains the following information:
• Controls Mapping
• Gap Analysis
• Gap Identification (i.e. Partial, Full or No Gap)
Download this Resource
Prefer to access this resource without an account? Download it now.
Acknowledgements
Chris Shull
Chief Information Security Officer
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC
Since 2012, Michael Roza has been a pivotal member of the Cloud Security Alliance (CSA) family. He has contributed to over 125 projects, as a Lead Author or Author/Contributor and many more as a Reviewer/Editor.
Michael's extensive contributions encompass critical areas including Artificial Intelligence, Zero Trust/Software Defined Perimeter, Internet of Things, Top Threats, Cloud Control Matrix, DevSecOps, and Key Management. His lea...
Victor Chin
Shawn Harris
Director of Information Security
With more than 25 years of information security experience, Shawn Harris is currently the Director of Information Security at Starbucks Coffee Company. His background includes engineering, architecture, and executive responsibilities. Shawn is currently co-chair of the CSA Cloud Controls Matrix working group, where he led efforts to develop the Cloud Control Matrix 4.0. Additionally, he has served on CSA’s Consensus Assessments ...
Angela Dogan
Director, Vendor Risk Management and Compliance Services, Lynx Technology Partners
Angela Dogan is the Director, Vendor Risk Management and Compliance Services for Lynx Technology Partners. Previously, she served as Senior Project Manager for the Santa Fe Group and Vendor Auditor for Resurgent Capital Services.
With 15 years in the financial services industry, she is well-versed in standardized control frameworks such as those created by the Shared Assessments Program and Cloud Security Alliance, where she is a memb...
Reid Leake
Erik Johnson
Cloud Security Specialist & Senior Research Analyst, CSA
Worked for the Federal Reserve for many years and volunteered with the CSA with a focus on CCM/CAIQ V4, specifically the STA domain, and developing a comprehensive framework and guidance for defining and managing the cloud shared security responsibility model (SSRM).
I recently retired from the Federal Reserve and am now consulting with the CSA as a Senior Research Analyst with a focus on Zero Trust and Financial Services.
Linke...
Kevin Bugin
Chris Shull
Chief Information Security Officer
Andrew Williams
Director of Program Development, Coalfire
Andrew Williams is the Director of Program Development at Coalfire. In this role, he is responsible for working closely with Coalfire customers, industry bodies and regulatory authorities, and internal stakeholders to ensure Coalfire’s services, delivery, and talent are aligned to the needs of the future compliance and security landscape.
Andrew previously worked as practice director for Coalfire’s cloud assessment and risk advisory...
William Butler
Douglas Barbin
Principal and Cybersecurity Leader at Schellman & Company, LLC
Lawrence Martin
Gaurav Khanna
Interested in helping develop research with CSA?
Related Certificates & Training
Learn more