Cloud 101
Circle
Events
Blog

Download Publication

CCM v4.0 Implementation Guidelines
CCM v4.0 Implementation Guidelines

CCM v4.0 Implementation Guidelines

Release Date: 09/13/2021

This document will help you understand how to navigate through the Cloud Controls Matrix v4 to use it effectively and interpret and implement the CCM control specifications.  The document’s main goal is to support the implementation of CCM controls and provide guidance in the form of recommendations on how that can be properly achieved per each CCM control specification. 

The CCM Implementation guidelines are a collaborative product from volunteering subject matter experts within the CCM Working Group. It is based on the shared experiences of both cloud providers and cloud customers in implementing and securing cloud services when leveraging the CCM controls.

The guidelines are also available in a spreadsheet format, where they can be leveraged alongside the rest of the CCMv4 components.



Download this Resource

Prefer to access this resource without an account? Download it now.

Acknowledgements

Vani Murthy Headshot
Vani Murthy
Senior advisor Security & Compliance at Akamai Technologies

Vani Murthy

Senior advisor Security & Compliance at Akamai Technologies

Vani has 20+ years of IT experience in the areas such as Security, Risk, Compliance, Cloud services (IaaS/PaaS/SaaS) architecture

Read more

Johan Olivier Headshot
Johan Olivier
Security and Compliance Director

Johan Olivier

Security and Compliance Director

I am a Security and Compliance Director at QorusDocs where I am responsible for the company-wide information security posture and SOC 2 Type 2 compliance.

My career in the compliance space is backed by 20 years’ experience as a Software Solutions Architect and 2.5 years in an executive leadership position as SVP of Engineering.

Having worked in seven countries across four continents I have developed a special interest in behav...

Read more

Geoff Bird Headshot
Geoff Bird
Chief Information Security Officer

Geoff Bird

Chief Information Security Officer

This person does not have a biography listed with CSA.

Ashish Vashishtha Headshot
Ashish Vashishtha
Cybersecurity - Sr. Risk Manager & Security Architect at IBM

Ashish Vashishtha

Cybersecurity - Sr. Risk Manager & Security Architect at IBM

Analytical, results-oriented IS/IT Audit, Governance, Risk, and Compliance (GRC) leader over 19 years of experience managing enterprise-wide IT/IS security risk approach for large healthcare and IT services organizations. Passionate design thinker with an ability to harness innovation by facilitating collaboration to develop enterprise-wide security risk assessments (onsite as well as remote) for high-risk Third-Parties leveraging NIST 800-...

Read more

Erik Johnson Headshot
Erik Johnson
Cloud Security Specialist & Senior Research Analyst

Erik Johnson

Cloud Security Specialist & Senior Research Analyst

Worked for the Federal Reserve for many years and volunteered with the CSA with a focus on CCM/CAIQ V4, specifically the STA domain, and developing a comprehensive framework and guidance for defining and managing the cloud shared security responsibility model (SSRM).

I recently retired from the Federal Reserve and am now consulting with the CSA as a Senior Research Analyst with a focus on Zero Trust and Financial Services.

Linke...

Read more

Michael Roza Headshot
Michael Roza
Risk, Audit, Control and Compliance Professional

Michael Roza

Risk, Audit, Control and Compliance Professional

Since 2012 Michael has contributed to over 85 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud Key M...

Read more

Agnidipta Sarkar Headshot
Agnidipta Sarkar
Group CISO for Biocon Ltd.

Agnidipta Sarkar

Group CISO for Biocon Ltd.

Agnidipta Sarkar has been evangelizing Cybersecurity, Privacy, Business Continuity, Digital Resilience, and Standardization through speaking at industry forums like Gartner, IDC, EC-Council, ISMG, BCI Global, CORE Resilience, etc. and through his contributions to standards bodies like the ISO, Cloud Security Alliance, and the Business Continuity Institute. He is a member of ISO panels for security & privacy, continuity & resilience, and ris...

Read more

Bala Krishnan Headshot
Bala Krishnan
Sr. GRC SpecialistSr. GRC Specialist

Bala Krishnan

Sr. GRC SpecialistSr. GRC Specialist

Senior level CyberSecurity/Governance Risk and Compliance (GRC) Specialist with a Big4 background and 15 years’ experience (and several certifications) in the areas of Risk and Compliance Management, including Privacy and 3rd party risk management.

Read more

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?