Cloud 101CircleEventsBlog
Take the Understanding Data Risk Survey to help shape the future of data security!

Download Publication

CCM v3.0.1 Addendum - FedRAMP Moderate
CCM v3.0.1 Addendum - FedRAMP Moderate

CCM v3.0.1 Addendum - FedRAMP Moderate

Release Date: 08/03/2019

Working Group: Cloud Controls Matrix

This document is an addendum to the CCM V3.0.1 that contain controls mapping between the CSA CCM and the FedRAMP R4 Moderate Baseline.

The document aims to help FedRAMP compliant organizations meet CCM requirements. This is achieved by identifying compliance gaps in FedRAMP in
relation to the CCM. This document contains the following information:
• Controls Mapping
• Gap Analysis
• Gap Identification (i.e. Partial, Full or No Gap)
Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
Related resources
NIST CSF v2 Cloud Community Profile - Based on CCM v4
NIST CSF v2 Cloud Community Profile - Based on ...
Informative Reference Details for the Mapping of CCM v4 to NIST CSF v2
Informative Reference Details for the Mapping o...
CCM-Lite and CAIQ-Lite
CCM-Lite and CAIQ-Lite
Streamlining Cloud Security: Integrating CSA CCM Controls into Your ISO/IEC 27001 Framework
Streamlining Cloud Security: Integrating CSA CCM Controls into Your...
Published: 10/29/2024
How CSA Research Uses the Cloud Controls Matrix to Address Diverse Security Challenges
How CSA Research Uses the Cloud Controls Matrix to Address Diverse ...
Published: 10/25/2024
CSA Community Spotlight: Bolstering the Mission of Cybersecurity with CEO Avani Desai
CSA Community Spotlight: Bolstering the Mission of Cybersecurity wi...
Published: 10/02/2024
Implementing the Shared Security Responsibility Model in the Cloud
Implementing the Shared Security Responsibility Model in the Cloud
Published: 09/27/2024
Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?
Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?
November 6 | Online
Smart SOC 2: Automating Compliance with Drata and AWS
Smart SOC 2: Automating Compliance with Drata and AWS
November 12 | Online

Acknowledgements

Chris Shull
Chris Shull
Chief Information Security Officer

Chris Shull

Chief Information Security Officer

Michael Roza
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC

Michael Roza

Risk, Audit, Control and Compliance Professional at EVC

Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

Read more

Victor Chin Headshot Missing
Victor Chin

Victor Chin

Shawn Harris
Shawn Harris
Director of Information Security

Shawn Harris

Director of Information Security

With more than 25 years of information security experience, Shawn Harris is currently the Director of Information Security at Starbucks Coffee Company. His background includes engineering, architecture, and executive responsibilities. Shawn is currently co-chair of the CSA Cloud Controls Matrix working group, where he led efforts to develop the Cloud Control Matrix 4.0. Additionally, he has served on CSA’s Consensus Assessments ...

Read more

Angela Dogan
Angela Dogan
Director, Vendor Risk Management and Compliance Services, Lynx Technology Partners

Angela Dogan

Director, Vendor Risk Management and Compliance Services, Lynx Technology Partners

Angela Dogan is the Director, Vendor Risk Management and Compliance Services for Lynx Technology Partners. Previously, she served as Senior Project Manager for the Santa Fe Group and Vendor Auditor for Resurgent Capital Services.

With 15 years in the financial services industry, she is well-versed in standardized control frameworks such as those created by the Shared Assessments Program and Cloud Security Alliance, where she is a memb...

Read more

Reid Leake Headshot Missing
Reid Leake

Reid Leake

Erik Johnson
Erik Johnson
Cloud Security Specialist & Senior Research Analyst, CSA

Erik Johnson

Cloud Security Specialist & Senior Research Analyst, CSA

Worked for the Federal Reserve for many years and volunteered with the CSA with a focus on CCM/CAIQ V4, specifically the STA domain, and developing a comprehensive framework and guidance for defining and managing the cloud shared security responsibility model (SSRM).

I recently retired from the Federal Reserve and am now consulting with the CSA as a Senior Research Analyst with a focus on Zero Trust and Financial Services.

Linke...

Read more

Kevin Bugin Headshot Missing
Kevin Bugin

Kevin Bugin

Chris Shull
Chris Shull
Chief Information Security Officer

Chris Shull

Chief Information Security Officer

Andrew Williams
Andrew Williams
Director of Program Development, Coalfire

Andrew Williams

Director of Program Development, Coalfire

Andrew Williams is the Director of Program Development at Coalfire. In this role, he is responsible for working closely with Coalfire customers, industry bodies and regulatory authorities, and internal stakeholders to ensure Coalfire’s services, delivery, and talent are aligned to the needs of the future compliance and security landscape.

Andrew previously worked as practice director for Coalfire’s cloud assessment and risk advisory...

Read more

William Butler Headshot Missing
William Butler

William Butler

Douglas Barbin
Douglas Barbin
Principal and Cybersecurity Leader at Schellman & Company, LLC

Douglas Barbin

Principal and Cybersecurity Leader at Schellman & Company, LLC

Lawrence Martin Headshot Missing
Lawrence Martin

Lawrence Martin

Gaurav Khanna Headshot Missing
Gaurav Khanna

Gaurav Khanna

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training