
CCM Lite

A streamlined edition of CCM V4 is now available!


The Cloud Security Alliance and the CCM Working Group have developed CCM Lite, a streamlined version of the Cloud Controls Matrix (CCM) v4. It consists of 91 controls, a subset of the 197 controls in the CCM, and it includes foundational controls that any organization should implement, regardless of its budget, maturity and risk profile.

CCM Lite was developed primarily to address the needs of Small and Medium-sized Businesses (SMBs) with limited resources, providing them with a streamlined solution for cloud security.


The CCM Lite includes:

  • Implementation Guidelines
  • Auditing Guidelines
  • Machine Readable (JSON/YAML/OSCAL)

*CCM Lite submissions are accepted into the STAR Registry.

Who should use the CCM Lite?

The CCM Lite is designed as a cost-effective solution for low-risk profile cloud organizations, particularly Small and Medium Enterprises (SMEs) and Startups with limited IT and cybersecurity resources. It offers streamlined controls that prioritize essential cloud security measures, enabling SMEs to establish basic security hygiene and protect their infrastructure from common cloud security attacks.

While not a replacement for the CCMv4, the CCM Lite is a valuable resource for SMEs looking to improve their security posture within their resource constraints.

Which security domains are covered by the CCM Lite?

  • A&A: Audit & Assurance
  • AIS: Application & Interface Security
  • BCR: Business Continuity Mgmt & Op Resilience
  • CCC: Change Control & Configuration Management
  • CEK: Cryptography, Encryption, & Key Management
  • DCS: Datacenter Security
  • DSP: Data Security & Privacy
  • GRC: Governance, Risk Management, & Compliance
  • HRS: Human Resources Security
  • IAM: Identity & Access Management
  • IPY: Interoperability & Portability
  • IVS: Infrastructure & Virtualization Security
  • LOG: Logging & Monitoring
  • SEF: Sec. Incident Mgmt, E-Disc & Cloud Forensics
  • STA: Supply Chain Mgmt, Transparency, & Accountability
  • TVM: Threat & Vulnerability Management
  • UEM: Universal Endpoint Management

CAIQ Lite

The CAIQ Lite is a simplified version of the Consensus Assessments Initiative Questionnaire (CAIQ), developed through extensive research, testing and a review process. CAIQ Lite streamlines the assessment process, empowering cybersecurity professionals to engage cloud vendors more efficiently.

It features 124 questions across 17 control domains of the CCM v4.


STAR and CCM Lite

STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). Publishing to the registry allows organizations to show current and potential customers their security and compliance posture.

As of October 9, 2024, CCM Lite submissions are accepted into the STAR Registry.


Join the Working Group

Interested in contributing to future versions of the Cloud Controls Matrix or CAIQ? You can volunteer for the working group to stay up to date on the latest projects related to the CCM and participate in future initiatives.
