Membership
Become a Member
Enterprises
Solution Providers
Startups
Current Members
Solution Providers
Affiliates
Assurance
STAR Program
STAR Levels
View Registry
Submit to Registry
Provide Feedback
GDPR Code of Conduct for STAR
STAR Resources
CAIQ
Cloud Controls Matrix
GDPR Code of Conduct
CAIQ-Lite
CSA-OneTrust VRM Tool
GDPR
Download the Code of Conduct
Submit Code of Conduct to the Registry
Resource Center
Global Consultancy
Become a Consulting Partner
Find a Consulting Service
Certificates & Training
Certificates
CCSK
CCAK
Trainings
CCAK (Coming Soon)
CCSK Lectures
CCSK Lectures + Labs
Advanced Cloud Security Practitioner
Register for Training
For Individuals
For Enterprises
Instructors
Become an Instructor
Training Partners
Become a Training Partner
Webinars
Cloudbytes
Research
GDPR
Events
Americas
APAC
EMEA
Research
What We Do
Research Working Groups
CSA Research Lifecycle
Research Publications
Security Guidance v4
Cloud Controls Matrix (CCM)
IoT Framework
Contribute
Open Peer Reviews
Surveys
Volunteer FAQ
Ron Knode Award
Working Groups
Internet of Things
DevSecOps
Software Defined Perimeter
Blockchain
Cloud Controls Matrix
EMEA Projects
APAC Projects
Community
Circle
Create an Account
Inner Circle Discussion
Job Board Postings
How To Get Started
Blog
Events
Americas
APAC
EMEA
Chapters
Global Chapters
Form a Chapter
About
About CSA
Board
History
CSA Staff
CSA EMEA
Press Releases
News Coverage

Working Group

Cloud Controls Matrix

Join Group
Research Home
View Working Groups
Contribute
Download Publications
Home
Research
Working Groups
Cloud Controls Matrix

Introduction

The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the Cloud Security Alliance Controls Matrix rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP and will augment or provide internal control direction for service organization control reports attestations provided by cloud providers.

Join Group

Artifacts

Gap Analysis Report - Mapping of the Association of Banks in Singapore Cloud Computing Implementation Guide 2.0 to Cloud Security Alliance Cloud Controls Matrix v3.0.1
Gap Analysis Report - Mapping of the Association of Banks in Singapore Cloud Computing Implementation Guide 2.0 to Cloud Security Alliance Cloud Controls Matrix v3.0.1

This document is an addendum to the CCM v3.0.1 and contains a controls mapping and gap analysis between the CSA ...

CCM Gap Analysis Report (ABS CCIG)
CCM Gap Analysis Report (ABS CCIG)

The report summarizes the mapping of CCM v3.0.1 to the Association of Banks in Singapore Cloud Computing Impleme...

CCM Translation in 10 Languages
CCM Translation in 10 Languages

This localized version of this publication was produced from the

CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications
CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications

This document is an addendum to the

Mapping of 'The Guidelines' Security Recommendations to CCM
Mapping of 'The Guidelines' Security Recommendations to CCM

This document contains the additional controls that serve to bridge the gap between

Gap Analysis Report on Mapping CSA’s Cloud Controls Matrix to ‘Guideline on Effectively Managing Security Service in the Cloud’
Gap Analysis Report on Mapping CSA’s Cloud Controls Matrix to ‘Guideline on Effectively Managing Security Service in the Cloud’

The report summarizes the mapping of

CSA STAR Registry API Specification v1.5
CSA STAR Registry API Specification v1.5

The CSA STAR Registry is a publicly available repository containing assurance information voluntarily submitted ...

Cloud Controls Matrix v3.0.1
Cloud Controls Matrix v3.0.1

The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practice...

CCM v3.0.1 Addendum - FedRAMP Moderate
CCM v3.0.1 Addendum - FedRAMP Moderate

This document is an addendum to the CCM V3.0.1 that contain controls mapping between the CSA CCM and the FedRAMP...

CSA CCM v3.0.1 Addendum - NIST 800-53 Rev 4 Moderate
CSA CCM v3.0.1 Addendum - NIST 800-53 Rev 4 Moderate

This document is an addendum to the CCM V3.0.1 that contain controls mapping between the CSA CCM and the NIST 80...

CSA CCM v3.0.1 Addendum - AICPA TSC 2017
CSA CCM v3.0.1 Addendum - AICPA TSC 2017

This document is an addendum to the CCM V3.0.1 that contain controls mapping between the CSA CCM and the AICPA T...

CCM v3.0.1-080319
CCM v3.0.1-080319

The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practice...

CCM Mapping Workpackage Template
CCM Mapping Workpackage Template

This document is the companion document to the Methodology for the Mapping of the Cloud Controls Matrix (CCM). I...

CCM v3.0.1 Addendum - BSI Germany C5 v1
CCM v3.0.1 Addendum - BSI Germany C5 v1

This document is an addendum to the Cloud Controls Matrix(CCM) V3.0.1 controls. It contains the additional c...

CCM v3.0.1 Addendum - ISO 27002 27017 27018 v1.1
CCM v3.0.1 Addendum - ISO 27002 27017 27018 v1.1

This document is an addendum to the Cloud Controls Matrix(CCM) V3.0.1 controls. It contains the additional c...

CCM v3.0 - Chinese Translation
CCM v3.0 - Chinese Translation

This localized version of this publication was produced from the

CCM and CAIQ (Spanish Translations)
CCM and CAIQ (Spanish Translations)

This localized version of this publication was produced from the original source material (

CCM Mapping Methodology
CCM Mapping Methodology

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide ...

Cloud Controls Matrix v3.0.1 Info Sheet
Cloud Controls Matrix v3.0.1 Info Sheet

Find out how many controls are in the

STAR Certification Guidance Document: Auditing the Cloud Controls Matrix (CCM)
STAR Certification Guidance Document: Auditing the Cloud Controls Matrix (CCM)

There are a number of control areas on the CCM that will each be awarded a management capability score on a scal...

CCM v3.0 Info Sheet
CCM v3.0 Info Sheet

This info sheet is for an old version of the Cloud Controls Matrix (CCM). You learn more about the latest versio...

Read the Blog

Open Peer Reviews

Artifact reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Learn more

Next Meeting

Dec 09, 2020, 08:00AM PST

JoinSee all Meetings

Leadership

Sean Cordero Headshot

Sean Cordero brings more than 15 years of information security and IT experience to his current role as director, information security at Optiv. Cordero provides executive level advisement for the ...

 
Sean Cordero
 
Shawn Harris Headshot

Shawn Harris has over 25 years of Information Security experience. He is currently the managing principal security architect at Starbucks Coffee Company. Shawn’s background includes engineering, ...

 
Shawn Harris
 
Harry Lu Headshot

Harry Lu brings perspectives of Cloud Security from the professional services industry. He is currently a manager with the PwC Cybersecurity practice. Being part of the PwC Cloud Security Team, Har...

 
Harry Lu
 
Sean Estrada Headshot

Sean Estrada is Head of Industry Standards Engagement for AWS, where he is responsible for driving engagement with industry standards organizations and alliances. Building on over 15 years of exper...

 
Sean Estrada