Download Publication
CCM v3.0.1 Addendum - FedRAMP Moderate
Release Date: 08/03/2019
Working Group: Cloud Controls Matrix
The document aims to help FedRAMP compliant organizations meet CCM requirements. This is achieved by identifying compliance gaps in FedRAMP in
relation to the CCM. This document contains the following information:
• Controls Mapping
• Gap Analysis
• Gap Identification (i.e. Partial, Full or No Gap)
Download this Resource
Prefer to access this resource without an account? Download it now.
Acknowledgements
Chris Shull
Chief Information Security Officer
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC
Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...
Victor Chin
Shawn Harris
Director of Information Security
With more than 25 years of information security experience, Shawn Harris is currently the Director of Information Security at Starbucks Coffee Company. His background includes engineering, architecture, and executive responsibilities. Shawn is currently co-chair of the CSA Cloud Controls Matrix working group, where he led efforts to develop the Cloud Control Matrix 4.0. Additionally, he has served on CSA’s Consensus Assessments ...
Angela Dogan
Director, Vendor Risk Management and Compliance Services, Lynx Technology Partners
Angela Dogan is the Director, Vendor Risk Management and Compliance Services for Lynx Technology Partners. Previously, she served as Senior Project Manager for the Santa Fe Group and Vendor Auditor for Resurgent Capital Services.
With 15 years in the financial services industry, she is well-versed in standardized control frameworks such as those created by the Shared Assessments Program and Cloud Security Alliance, where she is a memb...
Reid Leake
Erik Johnson
Cloud Security Specialist & Senior Research Analyst, CSA
Worked for the Federal Reserve for many years and volunteered with the CSA with a focus on CCM/CAIQ V4, specifically the STA domain, and developing a comprehensive framework and guidance for defining and managing the cloud shared security responsibility model (SSRM).
I recently retired from the Federal Reserve and am now consulting with the CSA as a Senior Research Analyst with a focus on Zero Trust and Financial Services.
Linke...
Kevin Bugin
Chris Shull
Chief Information Security Officer
Andrew Williams
Director of Program Development, Coalfire
Andrew Williams is the Director of Program Development at Coalfire. In this role, he is responsible for working closely with Coalfire customers, industry bodies and regulatory authorities, and internal stakeholders to ensure Coalfire’s services, delivery, and talent are aligned to the needs of the future compliance and security landscape.
Andrew previously worked as practice director for Coalfire’s cloud assessment and risk advisory...
William Butler
Douglas Barbin
Principal and Cybersecurity Leader at Schellman & Company, LLC
Lawrence Martin
Gaurav Khanna
Interested in helping develop research with CSA?
Related Certificates & Training
Learn the core concepts, best practices and recommendation for securing an organization on the cloud regardless of the provider or platform. Covering all 14 domains from the CSA Security Guidance v4, recommendations from ENISA, and the Cloud Controls Matrix, you will come away understanding how to leverage information from CSA's vendor-neutral research to keep data secure on the cloud.
Learn more