Who it's for:
- auditors
- cloud service providers
- cloud customers
CCMv4.0 Auditing Guidelines
Release Date: 12/08/2021
Working Group: Cloud Controls Matrix Working Group
- What the different CCM audit areas are
- How to perform a CCM-related audit and assessment of organizations of any size, business, cloud deployment complexity, or maturity
Acknowledgements

Vani Murthy
Sr. Information Security Compliance Advisor, Akamai Technologies
Vani has 20+ years of IT experience in areas such as Security, Risk, Compliance, Cloud services (IaaS/PaaS/SaaS) architecture

Tanya Tipper-Luster
Director, Cloud Security
This person does not have a biography listed with CSA.

Renu Bedi
Manager-IT Security
This person does not have a biography listed with CSA.

Erik Johnson
Cloud Security Specialist & Senior Research Analyst
Worked for the Federal Reserve for many years and volunteered with the CSA with a focus on CCM/CAIQ V4, specifically the STA domain, and developing a comprehensive framework and guidance for defining and managing the cloud shared security responsibility model (SSRM).
I recently retired from the Federal Reserve and am now consulting with the CSA as a Senior Research Analyst with a focus on Zero Trust and Financial Services.
Linke...

Robin Basham
CEO
Robin Basham recently led the Cloud Security Alliance CCM 4 to NIST 800-53 R5 Working Group. This effort began as a proposed commitment in April, involving the collaboration of some of our biggest and most well-respected East Bay Enterprises. Leveraging the talent of 20 volunteers and mappings as designed in three major companies, the CCM WG produced a refined mapping t...

Agnidipta Sarkar
Group CISO, Biocon
Agnidipta Sarkar has been evangelizing Cybersecurity, Privacy, Business Continuity, Digital Resilience, and Standardization through speaking at industry forums like Gartner, IDC, EC-Council, ISMG, BCI Global, CORE Resilience, etc. and through his contributions to standards bodies like the ISO, Cloud Security Alliance, and the Business Continuity Institute. He is a member of ISO panels for security & privacy, continuity & resilience, and ris...

Michael Roza
Risk, Audit, Control, and Compliance Professional
Since 2012 Michael has contributed to over 85 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud Ke...

Ashish Vashishtha
Security Compliance Leader
Analytical, results-oriented IS/IT Audit, Governance, Risk, and Compliance (GRC) leader with over 19 years of experience managing enterprise-wide IT/IS security risk approach for large healthcare and IT services organizations. Passionate design thinker with an ability to harness innovation by facilitating collaboration to develop enterprise-wide security risk assessments (onsite as well as remote) for high-risk Third-Parties leveraging NIST 800-...

John DiMaria
STAR Program Director, CSA
This person does not have a biography listed with CSA.

Angell Duran
This person does not have a biography listed with CSA.

Harry Lu
Manager, PwC Cybersecurity
Harry Lu brings perspectives of Cloud Security from the professional services industry. He is currently an Associate Director with Protiviti’s Cloud Security team. Harry’s background includes security strategy planning, security operations development and security executive consulting roles. He has also had years of hands-on experience implementing cloud security technologies across SaaS, IaaS and hybrid cloud environments. From his experie...

Claus Matzke
This person does not have a biography listed with CSA.

Parminder Bawa
This person does not have a biography listed with CSA.

Bilal Khattak
This person does not have a biography listed with CSA.

Daniele Catteddu
Chief Technology Officer, CSA
Daniele Catteddu is an information security and risk management practitioner, technologies expert and privacy evangelist with over 15 years of experience. He worked in several senior roles both in the private and public sector. He is a member of various national and international security expert groups and committees on cyber-security and privacy, keynote speaker at several conferences and author of numerous studies and papers on risk management, ...

Joel John
IT Security and Risk Professional for Aneja Associates
I work with Eleftherios in CSA working groups for mapping CCM v4 with various industry standards.

Damian Heal
This person does not have a biography listed with CSA.

Shawn Harris
Director of Information Security
With more than 25 years of information security experience, Shawn Harris is currently the Director of Information Security at Starbucks Coffee Company. His background includes engineering, architecture, and executive responsibilities. Shawn is currently co-chair of the CSA Cloud Controls Matrix working group, where he led efforts to develop the Cloud Control Matrix 4.0. Additionally, he has served on CSA’s Consensus Assessments ...

Sean Cordero
Sean Cordero brings more than 15 years of information security and IT experience to his current role as director, information security at Optiv. Cordero provides executive-level advisement for the company’s Fortune 50 clients. Cordero’s prior leadership roles included: President of Cloud Watchmen, CSO for EdFund, CSO for ECMC West, Director of Security and Compliance for Charlotte Russe.
Cordero is a thought-leader and serves as chair...

David Nickles
Global Audit Program Manager for FSIs
David Nickles is a Global Audit Program Manager for FSIs at Amazon Web Services (AWS). His work focuses on enabling financial services institutions to move their workloads to the cloud by providing sound guidance for building programs to ensure regulatory, governance, risk, compliance, audit, and security control requirements are met, align to industry best practices, and appropriate due diligence activity is completed. Prior to AWS, David...

Sanjeev Gupta
This person does not have a biography listed with CSA.

Jan Jacobsen
This person does not have a biography listed with CSA.

Steve Sparkes
This person does not have a biography listed with CSA.

Brian Dorsey
This person does not have a biography listed with CSA.

Krishna das Manghat
Contributed to CCM V.4.06, including the ISO 27001:2022 mapping with CCM. My area of contribution was Application Security. I worked closely with Lefteris from CSA on this exercise.