The Visionary CCM/CAIQ v4 Early Adopters
Published 08/06/2021
This blog was updated on 8/16/21 with the news that organizations can now submit CAIQ v4 to the STAR Registry.
The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to CSA best practices and is considered the de-facto standard for cloud security and privacy.
On January 21st, 2021, CSA released version 4 of the CCM. The new version ensures coverage of requirements deriving from new cloud technologies, new controls and enhanced interoperability and compatibility with other standards.
Here’s what’s included in version 4:
- CCM v4
- Mappings
- CAIQ v4
- Implementation Guidelines (coming soon)
- Auditing Guidelines (coming soon)
- CCM Metrics (coming soon)
Version 4 of CAIQ, the CCM questionnaire, is now available as well. Updates include streamlined questions, sections on the Shared Security Responsibility Model to help organizations determine the shared responsibilities between the CSPs and CSCs when implementing a CCM control, and changes to the STAR Level 1 submissions document.
As this was a major release, it stands to reason there are those who jump in with both feet because they want to be one of the first. This obviously allows them to claim just that: they are one of the first. (They are the Innovators[1] and the Early Adopters[2]). These people often become opinion leaders or have an influence on the new release because they are the first to use it and provide feedback.
The companies listed below wanted to be the first in their field and get an early jump by submitting the new CAIQ v4. These wonderful pioneers will have their v4 entries loaded into STAR very soon.
So without further ado, we at CSA would like to congratulate the following companies for being the first adopters of the CCM and CAIQ v4. You are true innovators and leaders in the cloud:
- rhöncloud GmbH
- GESTION DEL CONOCIMIENTO, S.A.
- Imedia8 Limited
- Bugfender (Beenario GmbH)
- ServiceNow
- PhishingBox LLC
- Reiss Romoli
- Quickbase
- Digital Route
- Accurate Background, LLC
- E-time srl
- Zain Data Park
- EVAN360
- Distribuzione Italia S.r.l.
- RisolvoPC
- Cvent
- Confluent, Inc.
To join the list of Innovators and Early Adopters, you can download the CCM v4 here and CAIQ v4 here.
[1] Innovators - The first to take action and adopt a product. Those people are willing to take the risk and help you improve your product.
[2] Early Adopters - Early adopters are among those people ready to try out a product at an early stage. They don’t need you to explain why.
Related Articles:
The EU Cloud Code of Conduct: Apply GDPR Compliance Regulations to the Cloud
Published: 10/31/2024
The Need for Continuous Assurance and Compliance Automation
Published: 10/15/2024