Cloud Controls Matrix and CAIQ v4
Release Date: 06/07/2021
Working Group: Cloud Controls Matrix
What’s included in this download:
- CCM v4
- CAIQ v4
- Implementation Guidelines (coming soon)
- Auditing Guidelines (coming soon)
- CCM Metrics (coming soon)
This zip file contains two versions of CAIQ:
- CCM + CAIQ v4: Includes only the questionnaire and is folded into the CCM file. (This version cannot be used to submit to STAR and is just for reference.)
- STAR Level 1: Security Questionnaire (CAIQ v4): Used to submit to the STAR Registry and includes all the necessary features. Please note that this version won’t be accepted to the STAR Registry until July 2021. You can read more about the updates made to CAIQ v4 in this blog here.
Mappings and components currently available in version 4:
- Mappings to the following: ISO/IEC 27001/27002/27017/27018, CCM V3.0.1, AICPA TSC (2017) and CIS Controls V8. These mappings identify the equivalence, gaps and misalignment between the control specifications of the CCM V4 and other standards. Additional mappings for PCI-DSS and NIST 8-53 Rev.5 are under development and other new mappings will also be added in the future.
- Controls Applicability Matrix: This matrix acts as a guide to help organizations determine the shared responsibilities between the CSPs and CSCs when implementing a CCM control. For each control it also identifies which cloud architectural and organizational stack and cloud service models are applicable.
CSA is a community driven organization. We would like to send you updates about our ongoing initiatives and opportunities to participate.
Provide feedback on this form