CSA Releases CCM v3.0 Info Sheet for Updates on New Controls, Domains
In conjunction with its release of the Cloud Controls Matrix, v3.0, the Cloud Security Alliance has published a CCM Info Sheet that describes the CCM, changes in v3.0, and the alignment of the CCM to the “Security Guidance for Critical Areas of Focus in Cloud Computing, v3.0” and the Open Controls Framework (OCF). The latest version includes the addition of three new domains, “Mobile Security,” “Supply Change Management, Transparency and Accountability,” and “Interoperability & Portability.” Several existing domains have been overhauled to improve clarity, intent, and control overlap. For over a year, more than 200 reviewers have reworked the 136 controls to be auditable. Existing information has been strengthened by delineating control guidance by service provider and consumer, and by differentiating according to cloud model type and environment. The CCM provides a controls framework in 16 domains that are cross-walked to other industry-accepted security standards, regulations, and controls frameworks to reduce audit complexity. Learn more about the CCM v3.0 by downloading the Info Sheet.