ChaptersEventsBlog
We're exploring how organizations adapt IAM to AI. Take the AI Identity and Risk Readiness Survey by September 5 →

Working Group

Cloud Controls Matrix

Along with releasing updated versions of the CCM and CAIQ, this working group provides addendums, control mappings and gap analysis between the CCM and other research releases, industry standards, and regulations to keep it continually up to date.
View Current Projects
Cloud Controls Matrix and CAIQ v4
Cloud Controls Matrix and CAIQ v4

Download

Cloud Controls Matrix
Working Group Overview

Along with releasing updated versions of the CCM and CAIQ, this working group provides addendums, control mappings and gap analysis between the CCM and other research releases, industry standards, and regulations to keep it continually up to date.


CSA is collaborating with IBM in order to align the two frameworks CCM v4 and IBM Cloud Framework. If you're interested in getting involved, please contact Eleftherios Skoutaris, eskoutaris@cloudsecurityalliance.org.


What do we discuss during our meetings? 

During these meetings we typically discuss changes in the industry and collaborate on projects the group is working on.


Drafts & Important Docs


Working Group Leadership

Daniele Catteddu
Daniele Catteddu

Daniele Catteddu

Chief Technology Officer, CSA

Daniele Catteddu is an information security and risk management practitioner, technologies expert and privacy evangelist with over 15 of experience. He worked in several senior roles both in the private and public sector. He is member of various national and international security expert groups and committees on cyber-security and privacy, keynote speaker at several conferences and author of numerous studies and papers on risk management, ...

Read more

Eleftherios Skoutaris
Eleftherios Skoutaris

Eleftherios Skoutaris

Program Manager / Research Analyst, CSA EMEA

Working Group Co-Chairs

Michael Roza
Michael Roza

Michael Roza

Risk, Audit, Control and Compliance Professional at EVC

Michael Roza is a seasoned risk, audit, control and compliance, and cybersecurity professional with over 20 years of experience across multinational enterprises and startups. As a Cloud Security Alliance (CSA) Research member for over 10 years, he has led and contributed to more than 140 CSA projects spanning Zero Trust, AI, IoT, Top Threats, DecSecOps, Cloud Key Management, Cloud Control Matrix, and many others.

He has co-chaired...

Read more

Akash Verma
Akash Verma

Akash Verma

Technical Program Manager, Continuous Assurance Engineering, Google

Akash Verma serves as the Technical Program Manager for Cybersecurity Continuous Assurance Engineering at Google, overseeing various security engineering programs within Google Cloud's continuous risk and compliance assurance endeavors.

Beyond his responsibilities at Google, Akash collaborates with industry experts to drive research and development initiatives aimed at advancing cybersecurity practices and standards, including, but no...

Read more

Siddharth Nandakishoran
Siddharth Nandakishoran

Siddharth Nandakishoran

Siddharth Nandakishoran serves as an FSI Assurance Specialist at Amazon Web Services (AWS), where he oversees the end-to-end customer audit journey of AWS, from initial due diligence to comprehensive audit execution. He specializes in helping financial services customers develop robust control assurance frameworks that align with regulatory requirements while leveraging AWS's cloud infrastructure.
 
With significant e...

Read more

Jon-Michael Brook
Jon-Michael Brook

Jon-Michael Brook

Jon-Michael C. Brook is a certified, 25-year practitioner of cybersecurity, cloud, and privacy. He is the principal contributor to certification sites for privacy and cloud security, and has published books on privacy. Jon-Michael received numerous awards and recognition during his time with Raytheon, Northrop Grumman, Symantec, and Starbucks. He holds patents and trade secrets in intrusion detection, GUI design, and semantic data redaction...

Read more

Publications in ReviewOpen Until
Data Security within AI EnvironmentsAug 29, 2025
AICM Auditing GuidelinesSep 03, 2025
A Practitioner’s Guide to Post-Quantum CryptographySep 17, 2025
Cloud Threat Modeling 2025Sep 19, 2025
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Virtual Meetings

Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.

Aug

27

Wed, August 27, 6:00pm - 7:00pm
CCMv4 WG
See details
Passcode: 621643

Additional info:

  • Follow up on the latest CCM WG activities in Circle.
  • If having issues finding the CCM WG, please follow the step by step guide to Circle on-boarding here
  • WG call meetings are recorded and made available to the rest of the group. The purpose of the recordings and their use is for the writing of meetings minutes and members in "difficult" time zones only. Please visit the "Data Protection Notice" document, which includes the purposes of use, retention period of audio files, etc.


Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.

Join Zoom Meeting
https://zoom.us/j/245687063

Meeting ID: 245 687 063
Passcode: 621643

One tap mobile
+16699009128,,245687063# US (San Jose)
+16465588656,,245687063# US (New York)

Dial by your location
        +1 669 900 9128 US (San Jose)
        +1 646 558 8656 US (New York)
Meeting ID: 245 687 063
Find your local number: https://zoom.us/u/ac16Mhvmr3

Sep

10

Wed, September 10, 6:00pm - 7:00pm
CCMv4 WG
See details
Passcode: 621643

Additional info:

  • Follow up on the latest CCM WG activities in Circle.
  • If having issues finding the CCM WG, please follow the step by step guide to Circle on-boarding here
  • WG call meetings are recorded and made available to the rest of the group. The purpose of the recordings and their use is for the writing of meetings minutes and members in "difficult" time zones only. Please visit the "Data Protection Notice" document, which includes the purposes of use, retention period of audio files, etc.


Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.

Join Zoom Meeting
https://zoom.us/j/245687063

Meeting ID: 245 687 063
Passcode: 621643

One tap mobile
+16699009128,,245687063# US (San Jose)
+16465588656,,245687063# US (New York)

Dial by your location
        +1 669 900 9128 US (San Jose)
        +1 646 558 8656 US (New York)
Meeting ID: 245 687 063
Find your local number: https://zoom.us/u/ac16Mhvmr3

Sep

24

Wed, September 24, 6:00pm - 7:00pm
CCMv4 WG
See details
Passcode: 621643

Additional info:

  • Follow up on the latest CCM WG activities in Circle.
  • If having issues finding the CCM WG, please follow the step by step guide to Circle on-boarding here
  • WG call meetings are recorded and made available to the rest of the group. The purpose of the recordings and their use is for the writing of meetings minutes and members in "difficult" time zones only. Please visit the "Data Protection Notice" document, which includes the purposes of use, retention period of audio files, etc.


Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.

Join Zoom Meeting
https://zoom.us/j/245687063

Meeting ID: 245 687 063
Passcode: 621643

One tap mobile
+16699009128,,245687063# US (San Jose)
+16465588656,,245687063# US (New York)

Dial by your location
        +1 669 900 9128 US (San Jose)
        +1 646 558 8656 US (New York)
Meeting ID: 245 687 063
Find your local number: https://zoom.us/u/ac16Mhvmr3

Oct

8

Wed, October 8, 6:00pm - 7:00pm
CCMv4 WG
See details
Passcode: 621643

Additional info:

  • Follow up on the latest CCM WG activities in Circle.
  • If having issues finding the CCM WG, please follow the step by step guide to Circle on-boarding here
  • WG call meetings are recorded and made available to the rest of the group. The purpose of the recordings and their use is for the writing of meetings minutes and members in "difficult" time zones only. Please visit the "Data Protection Notice" document, which includes the purposes of use, retention period of audio files, etc.


Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.

Join Zoom Meeting
https://zoom.us/j/245687063

Meeting ID: 245 687 063
Passcode: 621643

One tap mobile
+16699009128,,245687063# US (San Jose)
+16465588656,,245687063# US (New York)

Dial by your location
        +1 669 900 9128 US (San Jose)
        +1 646 558 8656 US (New York)
Meeting ID: 245 687 063
Find your local number: https://zoom.us/u/ac16Mhvmr3

Oct

22

Wed, October 22, 6:00pm - 7:00pm
CCMv4 WG
See details
Passcode: 621643

Additional info:

  • Follow up on the latest CCM WG activities in Circle.
  • If having issues finding the CCM WG, please follow the step by step guide to Circle on-boarding here
  • WG call meetings are recorded and made available to the rest of the group. The purpose of the recordings and their use is for the writing of meetings minutes and members in "difficult" time zones only. Please visit the "Data Protection Notice" document, which includes the purposes of use, retention period of audio files, etc.


Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.

Join Zoom Meeting
https://zoom.us/j/245687063

Meeting ID: 245 687 063
Passcode: 621643

One tap mobile
+16699009128,,245687063# US (San Jose)
+16465588656,,245687063# US (New York)

Dial by your location
        +1 669 900 9128 US (San Jose)
        +1 646 558 8656 US (New York)
Meeting ID: 245 687 063
Find your local number: https://zoom.us/u/ac16Mhvmr3

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

Data Security within AI Environments

Open Until: 08/29/2025

 AI’s demand for large and diverse datasets introduces significant cybersecurity risks across the entire data lifecycl...

AICM Auditing Guidelines

Open Until: 09/03/2025

Auditing steps for each of the 243 controls of the AI Controls Matrix for internal or external auditors that are going to e...

A Practitioner’s Guide to Post-Quantum Cryptography

Open Until: 09/17/2025

As quantum computing advances, the threat it poses to classical cryptographic algorithms becomes increasingly urgent. This ...

Cloud Threat Modeling 2025

Open Until: 09/19/2025

The purpose of this document is to enable and encourage effective threat modeling for cloud applications, services, and sec...