CCM & CAIQ v3.0.1 Version Update Soft Launch

We are very excited to announce the soft launch of the Cloud Controls Matrix (CCM) and Consensus Assessments Initiative Questionnaire (CAIQ) v.3.0.1. We invite you to download both documents during this early review period:

Download CCM Here
Download CAIQ Here

What’s New in CCM v3.0.1

The new version of CCM provides fundamental security principles to guide cloud vendors and assists cloud customers in assessing the overall security risk of a cloud provider. It consists of 16 control domains that are cross-walked to other industry-accepted security standards, regulations and controls frameworks to reduce audit complexity. This new version contains the following:

  • New or updated mappings to the following
    • AICPA 2014 Trust Services Criteria
    • Canada PIPEDA (Personal Information Protection Electronic Documents Act)
    • COBIT 5.0
    • COPPA (Children’s Online Privacy Protection Act)
    • CSA Enterprise Architecture
    • ENISA (European Network Information and Security Agency) Information Assurance Framework
    • European Union Data Protection Directive 95/36/EC
    • FERPA (Family Education and Rights Privacy Act)
    • HIPAA/HITECH Act and the Omnibus Rule
    • ISO/IEC 27001:2013
    • ITAR (International Traffic in Arms Regulation)
    • Mexico – Federal Law on Protection of Personal Data Held by Private Parties
    • NIST SP800-53 Rev 3 Appendix J
    • NZISM (New Zealand Information Security Manual)
    • ODCA (Open Data Center Alliance) Usage Model PAAS Interoperability Rev. 2.0
    • PCI DSS v3
  • Consolidation of redundant controls
  • Rewritten controls for clarity of intent, STAR enablement, and SDO alignment

What’s New in CAIQ Version v3.0.1

The new version of CAIQ is a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. It provides a series of “yes or no” control assertion questions which can then be tailored to suit each unique cloud customer’s evidentiary requirements.

  • Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”
  • Maps the CAIQ questions to the latest compliance regulations found in the CCM v3.0.1
  • Rewritten controls for clarity of intent, STAR enablement, and SDO alignment