Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Download Publication

Home
Publications
CCM v3.0.1 Addendum - ISO 27002 27017 27018 v1.1
CCM v3.0.1 Addendum - ISO 27002 27017 27018 v1.1

CCM v3.0.1 Addendum - ISO 27002 27017 27018 v1.1

Release Date: 01/18/2019

Working Group: Cloud Controls Matrix

This document is an addendum to the Cloud Controls Matrix
(CCM) V3.0.1 controls. It contains the additional controls that serves to
bridge the gap between CCM and ISO/IEC 27002:2013, ISO/IEC 27017:2015 and
ISO/IEC 27018:2014.
Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
Related resources

Related Resources

PublicationsBlogs
NIST CSF v2 Cloud Community Profile - Based on CCM v4
NIST CSF v2 Cloud Community Profile - Based on ...
Download Now
Informative Reference Details for the Mapping of CCM v4 to NIST CSF v2
Informative Reference Details for the Mapping o...
Download Now
CCM-Lite and CAIQ-Lite
CCM-Lite and CAIQ-Lite
Download Now
View all publications
CSA Community Spotlight: Addressing Emerging Security Challenges with CISO Pete Chronis
CSA Community Spotlight: Addressing Emerging Security Challenges wi...
Published: 11/18/2024
The Future of Compliance: Adapting to Digital Acceleration and Ephemeral Technologies
The Future of Compliance: Adapting to Digital Acceleration and Ephe...
Published: 11/07/2024
Streamlining Cloud Security: Integrating CSA CCM Controls into Your ISO/IEC 27001 Framework
Streamlining Cloud Security: Integrating CSA CCM Controls into Your...
Published: 10/29/2024
How CSA Research Uses the Cloud Controls Matrix to Address Diverse Security Challenges
How CSA Research Uses the Cloud Controls Matrix to Address Diverse ...
Published: 10/25/2024
View all blogs
View all webinars

Acknowledgements

Chris Shull
Chris Shull
Chief Information Security Officer

Chris Shull

Chief Information Security Officer

Victor Chin Headshot Missing
Victor Chin

Victor Chin

Sean Cordero
Sean Cordero

Sean Cordero

Sean Cordero brings more than 15 years of information security and IT experience to his current role as director, information security at Optiv. Cordero provides executive level advisement for the company’s Fortune 50 clients. Cordero’s prior leadership roles included: President of Cloud Watchmen, CSO for EdFund, CSO for ECMC West, Director of Security and Compliance for Charlotte Russe.

Cordero is a thought-leader and serves as chair...

Read more

Shahid Sharif Headshot Missing
Shahid Sharif

Shahid Sharif

Angela Dogan
Angela Dogan
Director, Vendor Risk Management and Compliance Services, Lynx Technology Partners

Angela Dogan

Director, Vendor Risk Management and Compliance Services, Lynx Technology Partners

Angela Dogan is the Director, Vendor Risk Management and Compliance Services for Lynx Technology Partners. Previously, she served as Senior Project Manager for the Santa Fe Group and Vendor Auditor for Resurgent Capital Services.

With 15 years in the financial services industry, she is well-versed in standardized control frameworks such as those created by the Shared Assessments Program and Cloud Security Alliance, where she is a memb...

Read more

Madhav Chablani Headshot Missing
Madhav Chablani
Consulting CIO, TippingEdge Consulting

Madhav Chablani

Consulting CIO, TippingEdge Consulting

Reid Leake Headshot Missing
Reid Leake

Reid Leake

Ahmed Maaloul Headshot Missing
Ahmed Maaloul

Ahmed Maaloul

William Butler Headshot Missing
William Butler

William Butler

Ai-Ping Foo Headshot Missing
Ai-Ping Foo

Ai-Ping Foo

Eric Tierling Headshot Missing
Eric Tierling

Eric Tierling

Adnan Dakhwe Headshot Missing
Adnan Dakhwe

Adnan Dakhwe

Josep Bardallo Headshot Missing
Josep Bardallo

Josep Bardallo

Puneet Thapliyal Headshot Missing
Puneet Thapliyal

Puneet Thapliyal

Alejandro del Rio Betancourt Headshot Missing
Alejandro del Rio Betancourt

Alejandro del Rio Betancourt

Bunmi Ogun Headshot Missing
Bunmi Ogun

Bunmi Ogun

Chris Sellards Headshot Missing
Chris Sellards

Chris Sellards

Kazuki Yonezawa Headshot Missing
Kazuki Yonezawa

Kazuki Yonezawa

Kelvin Arcelay Headshot Missing
Kelvin Arcelay

Kelvin Arcelay

Masahiro Morozumi
Masahiro Morozumi
Executive Director, CSA Japan Chapter

Masahiro Morozumi

Executive Director, CSA Japan Chapter

Masahiro Morozumi is the executive director of CSA Japan Chapter. He is a founding member of CSA Japan Chapter. He has been working for information security, and founded his own consulting firm back in 2014 with the aim to promote Cloud adoptionproviding consultation to SMEs on how to move to Cloud securely. He also participates in different CSA research and works to promote adoption of CSA’s best practices in different Cloud based...

Read more

Mariela Rengel Headshot Missing
Mariela Rengel

Mariela Rengel

Mohin Gulzar Headshot Missing
Mohin Gulzar

Mohin Gulzar

Saraj Mohammed Headshot Missing
Saraj Mohammed

Saraj Mohammed

Muswagha Katya Headshot Missing
Muswagha Katya

Muswagha Katya

Debjyoti Mukherjee
Debjyoti Mukherjee
Associate Director for RBC

Debjyoti Mukherjee

Associate Director for RBC

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Join this Working Group
View all Working Groups

Related Certificates & Training