Download Publication

Cloud Controls Matrix v4
Cloud Controls Matrix v4

Cloud Controls Matrix v4

Release Date: 03/15/2021

The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to the CSA best practices, that is considered the de-facto standard for cloud security and privacy. Version 4 of the CCM constitutes a significant upgrade to the previous version (v3.0.1) by delivering a significant increase of requirements as result of developing additional controls and updating existing ones. The objective of this update was to continue to lead the security industry and market as the cloud provider and user-centric control framework of choice for all.

Related Certificates & Training | STAR Program

Controls Applicability Matrix Now Available: This matrix acts as a guide to help organizations determine the shared responsibilities between the CSPs and CSCs when implementing a CCM control. For each control it also identifies which cloud architectural and organizational stack and cloud service models are applicable. 

Mappings currently available for version 4:

  • CCM v4 to CCMv3.0.1: This mapping aims to help existing users of the CCMv3.0.1 to transition to the CCMv4.0 requirements.

  • ISO27001/02/17/18: The mapping with ISO/IEC 27001/02/17/18 standards identifies the equivalence, gaps and misalignment between the control specifications of the CCM V4 and the ISO/IEC 27K family of standards. 
You can learn about the transition timeline for v3.0.1 to v4, and how that will affect STAR Registry submissions in this blog.

Help CSA better understand how we can support the cloud community. Answer a couple of questions to download this resource.

In my current job I work in:

CSA is a community driven organization. We would like to send you updates about our ongoing initiatives and opportunities to participate.

By opting into this agreement I am indicating that I want to receive email updates from CSA on related projects. (Marketing purposes, Section 3 of the Privacy Policy).

You’ve made safer cloud computing possible.

Download
Provide feedback on this form

CSA is a community driven organization. We would like to send you updates about our ongoing initiatives and opportunities to participate.

By opting into this agreement I am indicating that I want to receive email updates from CSA on related projects. (Marketing purposes, Section 3 of the Privacy Policy).

Download
Provide feedback on this form