Open Until: 05/15/2023

Purpose and Scope of CCMv4-Lite
Cloud Security Alliance and the CCM WG have been developing a lightweight edition of CCM V4 that consists of a minimum baseline and foundational cloud security requirements (essentially a subset of essential controls selected from the existing set of 197 controls in the current CCM V4).

The CCM-Lite is not intended to replace CCMv4 or to provide an equal level of security protection. Instead, it is a cost-effective solution designed for adoption by cloud organizations with a low risk profile, such as Small and Medium Enterprises (SMEs) with limited IT and/or cybersecurity expertise and resources. It enables cloud SMEs to prioritize the cybersecurity measures needed to safeguard their infrastructure from common cloud security attacks and, as a result, to put in place and demonstrate basic cloud-security hygiene.

Selection and Prioritization Process
The results in the CSA Top Threats 2022 report were used as the basis for extracting the first set of candidate CCM-Lite controls. This initial selection was then reviewed by the CCM WG and Co-chairs to derive a final draft version that is shared with you.

Peer Review Objective
The objective of the peer review is to affirm, and collect feedback on, the selected set of candidate controls in this final draft CCM-Lite. Your feedback is requested to validate whether or not the selected controls represent a cost-effective, easy-to-implement, and yet foundational security solution necessary for a Small and Medium Enterprise’s cloud risk management and security program.

The target audience of CCM-Lite, and of this review, is smaller cloud organizations seeking to have entry-level cloud security hygiene in place.

Peer Review Guidance
To participate, please follow the link to the review site. From there you should be able to navigate to Google Sheets and provide your comments.
The document lists the CCM V4 controls and, next to them in column E, the controls that have been selected for inclusion in the CCM-Lite. Your comments should align with the ‘Peer Review Objective’ section above.

Please do not provide editorial comments (e.g., grammar, formatting, etc.); focus instead on the content of the document.

The peer review period has ended.