Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
AI Controls Matrix (AICM)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
CSA Training
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Trusted AI Safety Expert (TAISE)
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Controls
AI Safety
Enterprise Architecture
Blockchain
Zero Trust
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
AI Controls Matrix (AICM)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
CSA Training
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Trusted AI Safety Expert (TAISE)
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Controls
AI Safety
Enterprise Architecture
Blockchain
Zero Trust
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersEventsBlog
Join global experts tackling cloud, AI, and zero trust challenges. Explore CSA’s upcoming 2026 events →

CCMV4 SSRM Implementation Guidelines

Open Until: 01/04/2024

Home
Publications
CCMV4 SSRM Implementation Guidelines
Cloud Security Alliance (CSA) and the Cloud Controls Matrix (CCM) WG would like to invite cloud organizations and cloud security experts to participate in this open peer review of the “Final Draft” version of the CCM V4 control ownership & implementation guidelines that is developed according to the Cloud Shared Security Responsibility Model (SSRM).

Purpose and Scope of CCM V4 SSRM Project
The Shared Security Responsibility Model (SSRM) is inherent to the use of cloud services. It is essential that cloud service customers (CSCs) are fluent and current in understanding how they and their cloud service providers (CSPs) share the responsibility for securing their cloud footprint. 

The CSA, the CCM WG and our industry partners are interested in extending the CCM V4 framework by developing SSRM implementation guidelines for the 17 security domains and the total of 197 control specifications in the CCM. The objective is to aid cloud stakeholders implement the CCM controls by delineating their security responsibilities within the shared cloud infrastructure.

Peer Review Objective
The objective of this review is twofold:

1. Assess SSRM Guidelines Usefulness. 
The invitation is especially targeting Cloud organizations that are new to the cloud and are seeking for a comprehensive SSRM implementation guidance that is tailored to the CCM V4 controls, enabling them to better understand the controls semantics, the CSP and CSC responsibilities and how the controls should be implemented by each party & according to each service model (IaaS/PaaS/SaaS). Your feedback is valuable to help CSA and the CCM WG evaluate the ‘practical’ usefulness of the SSRM guidelines for you and your organization, and improve them if/where needed.

2. Assess SSRM Guidelines Correctness & Completeness.
The invitation is also extended towards Cloud organizations with mature cloud security programs and highly experienced cloud security experts who are eager to help CSA and the CCM WG to improve the SSRM guidelines by identifying possible areas where these might be incomplete and/or incomprehensible.

Peer Review Duration
The duration of the peer review is going to be set for 30 calendar days starting from the date of publication.
After this period, the CCM WG and its co-chairs are going to work alongside the hyperscalers (Google, AWS, Microsoft) and cloud experts/organizations to consolidate the received feedback into an CCM V4 SSRM Implementation Guidelines final version.

Peer Review Guidance
To participate please follow the link to the review site. From there you should be able to navigate to Google Sheets and provide your comments. 
What you will see in the document are the CCM V4 controls and right below them the SSRM control ownership and implementation guidelines. CCM V4 controls are not in scope of this review.

Your comments are needed in alignment to the review criteria listed in section 2 of the shared document and the ‘Peer Review Objective’ section above.

Please do not provide editorial comments (i.e., grammar, formatting, etc.) but rather focus on the content of the document.


Resource unavailable

Featured by CSA

Want to see your content featured here?

Contact us to learn more!

Explore More of CSA

Research & Best Practices

Stay informed about the latest best practices, reports, and solutions in cloud security with CSA research.

Upcoming Events & Conferences

Stay connected with the cloud security community by attending local events, workshops, and global CSA conferences. Engage with industry leaders, gain new insights, and build valuable professional relationships—both virtually and in person.

Training & Certificates

Join the countless professionals who have selected CSA for their training and certification needs.

Industry News

Stay informed with the latest in cloud security news - visit our blog to keep your competitive edge sharp.