ChaptersEventsBlog
Join Cohesity Catalyst on Tour at the data security and AI summit in NYC, Paris, or Singapore →

The Continuous Audit Metrics Catalog

Released: 01/28/2026

The Continuous Audit Metrics Catalog
The Continuous Audit Metrics Catalog
Are traditional infosec assurance tools outdated? Many cloud customers think so. They see that technology changes quickly, and products are frequently evolving with continuous integration and deployment. Therefore, a certification obtained once a year after a third-party audit is not a sufficient source of assurance anymore. It’s time to move from “point-in-time” assurance to continuous assurance. This change requires moving away from manual audits and instead building automated tools that continuously assess the effectiveness of an information system. In other words, it’s time to move to the world of security metrics.

There is no standard reference for the continuous auditing of cloud services that supports security metrics in a way that is comparable to what the CSA CCM or ISO/IEC 27002 does for security controls. To address this gap, CSA launched the Continuous Audit Metrics Working Group in early 2020 to build the first catalog of security metrics for the cloud. We have released the first version of this catalog that contains an initial set of 34 security metrics, each mapped to the CCM v4.1. These metrics aim to support internal CSP governance, risk, and compliance (GRC) activities and provide a helpful baseline for service-level agreement transparency. 

Topics covered: 
  • Explanation of security metrics
  • How to measure the effectiveness of an information system
  • How to enable continuous auditing
  • Catalog listing the 34 metrics

Included in this zip file:
  • Continuous Audit Metrics Catalog
  • Code of Practice for Implementing and Maintaining Key Metrics


Best For IconBest For:
Compliance Managers

Partner Event Spotlight

Want to see your content featured here?

Contact us to learn more!

Explore More of CSA

Research & Best Practices

Stay informed about the latest best practices, reports, and solutions in cloud security with CSA research.

Upcoming Events & Conferences

Stay connected with the cloud security community by attending local events, workshops, and global CSA conferences. Engage with industry leaders, gain new insights, and build valuable professional relationships—both virtually and in person.

Training & Certificates

Join the countless professionals who have selected CSA for their training and certification needs.

Industry News

Stay informed with the latest in cloud security news - visit our blog to keep your competitive edge sharp.