
CSA Cloud Controls Matrix V1.1 is Released

The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives a detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the Cloud Security Alliance Cloud Controls Matrix rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as ISO 27001/27002, ISACA COBIT, PCI, and NIST, and the CCM will augment or provide internal control direction for SAS 70 attestations provided by cloud providers. As a framework, the CSA CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to the cloud industry. The CSA CCM strengthens existing information security control environments by emphasizing business information security control requirements, identifies and reduces consistent security threats and vulnerabilities in the cloud, provides standardized security and operational risk management, and seeks to normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud.

The Cloud Controls Matrix is part of the CSA GRC Stack.

Download the Initiative

12/15/2010 Version 1.1:
-Download Excel xlsx here

04/27/2010 Version 1.0:
-Download Excel xlsx here
-For Excel 97-2003, download here

CSA CCM Leadership Team

  • Becky Swain, CIPP/IT, CISSP, CISA – CCM Co-Founder/Chair, CSA Silicon Valley Chapter Board Member, Cisco Systems, Inc.
  • Marlin Pohlman – CCM Co-Chair
  • Philip Agcaoili – CCM Co-Founder/Chair, CSA Atlanta Chapter Co-Founder/Board Member
  • Kip Boyle, CISM, CISSP – CCM Project Manager
  • Jim Reavis – CSA Executive Director



CSA CCM R1.1 – S/P/I Ownership

  • Guy Bejerano – LivePerson CSO (Lead)
  • Philip Richardson, CISSP, A.Inst.ISP, MBCS – Logicalis UK Ltd
  • Paul Stephen – Ernst and Young LLP

CSA CCM R1.1 – COBIT 4.1

  • Georges Ataya – Solvay Brussels School of Economics and Management
  • April Battle – MITRE
  • Akira Shibata – NTT DATA Corp
  • Elizabeth Ann Wickham – L47 Consulting Limited
  • Marcelo Gonzalez – Banco Central Republica Argentina
  • Mark Lobel – PricewaterhouseCoopers LLP
  • Meenu Gupta – Mittal Technologies
  • Ramesan Ramani – Paramount Computer Systems
  • Yves Le Roux – CA Technologies

CSA CCM R1.1 – HIPAA / HITECH Act

  • Joshua Schmidt, CISA, CISM – Vertafore, Inc. (Lead)
  • Patty Williams – Symetra Financial

CSA CCM R1.1 – ISO/IEC 27001:2005

  • MS Prasad, Exec Dir CSA India (Lead)
  • Joel Cort, CISSP, ISO 27001 Lead Auditor – Xerox Corporation
  • Laura Kuiper – Cisco Systems, Inc.
  • Kyle Lai, CISSP, CSSP, CISA, CIPP/G – KLC Consulting, Inc.
  • Thomas Loczewski, CISSP, CRISC, CCSK – Ernst and Young GmbH, Germany
  • Pritam Bankar, CISA, CISM – Infosys Technologies Ltd.

CSA CCM R1.1 – NIST SP800-53 + FedRAMP

  • Daniel Philpott – Tantus Technologies, FISMApedia.org (Lead)
  • Pritam Bankar, CISA, CISM – Infosys Technologies Ltd.
  • Kyle Lai, CISSP, CSSP, CISA, CIPP/G – KLC Consulting, Inc.
  • MS Prasad, Exec Dir CSA India
  • Steve Primost, CISSP, CISM
  • Philip Richardson, CISSP, A.Inst.ISP, MBCS – Logicalis UK Ltd
  • Vincent Samuel, Archer Certified Consultant, Certified Application Security Specialist, Oracle Certified Associate – KPMG LLP
  • Paul Stephen – Ernst and Young LLP
  • Adalberto Afonso A Navarro F do Valle – Deloitte LLP

CSA CCM R1.1 – PCI DSS v2.0

  • Pritam Bankar, CISA, CISM – Infosys Technologies Ltd. (Lead)
  • Karthik Amrutesh, CISSP, CISA – Ernst and Young LLP
  • Chris Brenton – Dell
  • Dr. Anton Chuvakin – Security Warrior Consulting
  • Michael Craigue, Ph.D. (CISSP, CSSLP) – Dell
  • Jakob Holm Hansen, CISA, CISSP, ABCP – Neupart A/S
  • Addison Lawrence – Dell
  • Steve Primost, CISSP, CISM
  • Philip Richardson, CISSP, A.Inst.ISP, MBCS – Logicalis UK Ltd.
  • Paul Stephen – Ernst and Young LLP

CSA CCM R1.1 – BITS Shared Assessment AUP v5.0 / SIG v6.0

  • Niall Browne, CCSP, CISA, CISSP, CCSI – LiveOps
  • Henry Ojo – Kamhen Services Ltd, HISPI

CSA CCM R1.1 – GAPP

  • Thej Mehta, CISA, ITIL v3 Foundation, ISACA San Francisco Chapter: 2nd Vice President and Education Program Chair, KPMG LLP (Lead)
  • Pritam Bankar, CISA, CISM – Infosys Technologies Ltd.
  • Thomas Loczewski – Ernst and Young LLP
  • Lloyd Wilkerson – Robert Half International
  • Anna Tang, CISSP, CIPP, CIPP/IT – Cisco Systems, Inc.

CSA CCM R1.1 – QA Team

  • John DiMaria – HISPI (Lead)
  • Taiye Lambo – eFortresses, Inc., HISPI
  • Kelvin Arcelay, CISM, CISSP, CRISC, HISP, ISMS Auditor, PMP, SSGB – Arcelay & Associates, HISPI
  • Henry Ojo – Kamhen Services Ltd, HISPI
  • Lisa Peterson, CISA, CISSP – Progressive Insurance, HISPI
  • Dale Pound – SAIC, HISPI
  • John Sapp – McKesson Healthcare, HISPI
  • Gary Sheehan – Advanced Server Management Group, Inc., HISPI
  • Greg Zimmerman – Jefferson Wells, HISPI

CSA CCM R1.0 Contributors

  • Philip Agcaoili (co-chair)
  • Becky Swain (co-chair)
  • Marlin Pohlman (co-chair)
  • Mike Craigue
  • Phil Genever-Watling
  • Addison Lawrence
  • Chandrasekar Umpathy
  • Andy Dancer
  • Anton Chuvakin
  • Georg Heß
  • Glen Jones
  • Larry Harvey
  • M S Prasad
  • Patrick Sullivan
  • Steve Primost
  • Tajeshwar Singh
  • Thomas Loczewski
  • Dan Philpott

Initiative Sponsors

None