Cloud 101CircleEventsBlog
The CCSK v5 and Security Guidance v5 are now available!

Publication Peer Review

Cloud Security Maturity Model 2023
Cloud Security Maturity Model 2023

Cloud Security Maturity Model 2023

Open Until: 10/26/2023

The Cloud Security Alliance has partnered with IANS research and Securosis to develop and release version 2.0 of the Cloud Security Maturity Model (CSMM). The CSMM is a cloud-native security framework that includes maturity ratings across three Domains and 12 Categories. The objective of the model is to provide security teams with a way to assess and improve their cloud security program by providing indicators of maturity and a roadmap to what a mature program looks like.


Version 2.0 of the model has been expanded with Cloud Security Control Objectives and per-provider Control Specifications representing Key Performance Indicators to assess maturity more objectively. These were selected to support automated assessments, where possible. The CSMM 2.0 was also updated to better align with the Cloud Security Alliance Guidance and CCM. Over time the CSMM and CCM will improve alignment to provide organizations with more proscriptive guidance on prioritization of cloud security program elements.


This version is a first release draft. It includes all major model components, but per-provider control specifications are incomplete. The key indicators (control objectives) are meant to represent a starting baseline, but organizations may run their cloud security operations differently and thus may need to make adjustments.

Peer review period has ended.