Publication Peer Review
Cloud Security Maturity Model 2023
Open Until: 10/26/2023
The Cloud Security Alliance has partnered with IANS research and Securosis to develop and release version 2.0 of the Cloud Security Maturity Model (CSMM). The CSMM is a cloud-native security framework that includes maturity ratings across three Domains and 12 Categories. The objective of the model is to provide security teams with a way to assess and improve their cloud security program by providing indicators of maturity and a roadmap to what a mature program looks like.
Version 2.0 of the model has been expanded with Cloud Security Control Objectives and per-provider Control Specifications representing Key Performance Indicators to assess maturity more objectively. These were selected to support automated assessments, where possible. The CSMM 2.0 was also updated to better align with the Cloud Security Alliance Guidance and CCM. Over time the CSMM and CCM will improve alignment to provide organizations with more proscriptive guidance on prioritization of cloud security program elements.
This version is a first release draft. It includes all major model components, but per-provider control specifications are incomplete. The key indicators (control objectives) are meant to represent a starting baseline, but organizations may run their cloud security operations differently and thus may need to make adjustments.
Peer review period has ended.