Cloud Security Alliance Releases Cloud Controls Matrix Version 1.3
Version 1.3 Integrates Revised Mapping of FedRAMP Security Controls
September 21, 2012 –The Cloud Security Alliance (CSA) today published version 1.3 of the Cloud Controls Matrix which is designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. Version 1.3 of the CCM also includes a revised mapping of the final release version of the Federal Risk and Authorization Management Program (FedRAMP) security controls, published January 2012.
“The CSA CCM v1.3 update represents one of the most significant efforts on behalf of the CCM working group and we are confident the entire cloud security community will benefit greatly from this collaboration,” said Becky Swain, Co-Founder and former Co-Chair of the CCM working group. “With this update, we were able to establish and formalize stronger change control procedures that will be re-applied in the next series of CCM updates.”
As a framework, the CCM provides organizations with the required structure, detail and clarity relating to information security tailored to the cloud industry. The CCM strengthens existing information security control environments by emphasizing business information security control requirements, reduces and identifies consistent security threats and vulnerabilities in the cloud, provides standardized security and operational risk management, and seeks to normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud.
The Cloud Controls Matrix is part of the CSA GRC Stack.
About the Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.