CSA Official Press Release

Published 07/11/2014

CCM & CAIQ v3.0.1 Version Update Soft Launch

We are very excited to announce the soft launch of the Cloud Controls Matrix (CCM) and Consensus Assessments Initiative Questionnaire (CAIQ) v.3.0.1. We invite you to download both documents during this early review period.

What's New in CCM v3.0.1

The new version of CCM provides fundamental security principles to guide cloud vendors and assists cloud customers in assessing the overall security risk of a cloud provider. It consists of 16 control domains that are cross-walked to other industry accepted security standards, regulations and controls frameworks to reduce audit complexity. This new version contains the following:

  • New or updated mappings to the following:
      • AICPA 2014 Trust Services Criteria
      • Canada PIPEDA (Personal Information Protection Electronic Documents Act)
      • COBIT 5.0
      • COPPA (Children's Online Privacy Protection Act)
      • CSA Enterprise Architecture
      • ENISA (European Network Information and Security Agency) Information Assurance Framework
      • European Union Data Protection Directive 95/36/EC
      • FERPA (Family Education and Rights Privacy Act)
      • HIPAA/HITECH act and the Omnibus Rule
      • ISO/IEC 27001:2013
      • ITAR (International Traffic in Arms Regulation)
      • Mexico - Federal Law on Protection of Personal Data Held by Private Parties
      • NIST SP800-53 Rev 3 Appendix J
      • NZISM (New Zealand Information Security Manual)
      • ODCA (Open Data Center Alliance) Usage Model PAAS Interoperability Rev. 2.0
      • PCI DSS v3
  • Consolidation of redundant controls
  • Rewritten controls for clarity of intent, STAR enablement, and SDO alignment

What's New in CAIQ Version v3.0.1

The new version of CAIQ is a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. It provides a series of “yes or no” control assertion questions which can then be tailored to suit each unique cloud customer’s evidentiary requirements.

  • Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance "Security Guidance for Critical Areas of Focus in Cloud Computing V3.0"
  • Maps the CAIQ questions to the latest compliance regulations found in the CCM v3.0.1
  • Rewritten controls for clarity of intent, STAR enablement, and SDO alignment

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.