CCM Video Series: TVM - Threat & Vulnerability Management
Release Date: 11/02/2024
In this presentation we cover the Threat and Vulnerability Management (TVM) domain, which features ten control specifications aimed at helping both Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) proactively identify and mitigate security threats and vulnerabilities in the cloud environment. These controls are designed to address evolving threats that could impact assets, security architectures, and solution components.
According to the Shared Security Responsibility Model (SSRM), CSPs and CSCs share responsibilities for implementing TVM controls. CSPs are responsible for identifying, assessing, reporting, and remediating vulnerabilities related to infrastructure, network devices, virtualization technologies, operating systems, and platform applications. CSCs, on the other hand, focus on vulnerabilities in their applications and APIs, including security settings and access misconfigurations.
Effective collaboration between CSPs and CSCs in implementing TVM controls enhances the overall cloud security posture by addressing vulnerabilities throughout the entire cloud infrastructure, from the underlying platforms to the deployed applications.