Membership
Become a Member
Enterprises
Solution Providers
Startups
Current Members
Solution Providers
Affiliates
Assurance
STAR Program
STAR Levels
View Registry
Submit to Registry
Provide Feedback
GDPR Code of Conduct for STAR
STAR Resources
CAIQ
Cloud Controls Matrix
GDPR Code of Conduct
CAIQ-Lite
CSA-OneTrust VRM Tool
GDPR
Download the Code of Conduct
Submit Code of Conduct to the Registry
Resource Center
Global Consultancy
Become a Consulting Partner
Find a Consulting Service
Certificates & Training
Certificates
CCSK
CCAK
Trainings
CCAK (Coming Soon)
CCSK Lectures
CCSK Lectures + Labs
Advanced Cloud Security Practitioner
Register for Training
For Individuals
For Enterprises
Instructors
Become an Instructor
Training Partners
Become a Training Partner
Webinars
Cloudbytes
Research
GDPR
Events
Americas
APAC
EMEA
Research
What We Do
Research Working Groups
CSA Research Lifecycle
Research Publications
Security Guidance v4
Cloud Controls Matrix (CCM)
IoT Framework
Contribute
Open Peer Reviews
Surveys
Volunteer FAQ
Ron Knode Award
Working Groups
Internet of Things
DevSecOps
Software Defined Perimeter
Blockchain
Cloud Controls Matrix
EMEA Projects
APAC Projects
Community
About Circle
Create an Account
Login to Circle
How To Get Started
Blog
Events
Americas
APAC
EMEA
Chapters
Global Chapters
Form a Chapter
About
About CSA
Board
History
CSA Staff
CSA EMEA
Press Releases
News Coverage

Cloud Controls Matrix

Latest ResearchJoin Group
Research Home
View Working Groups
Contribute
Download Publications
Join the CCM working group
Home
Research
Working Groups
Cloud Controls Matrix
Maintaining cloud governance, risk and compliance is becoming increasingly difficult..
The more complex systems become, the less secure they become, even though security technologies improve. With the proliferation of security certifications, industry standards and regulations it is becoming increasingly challenging to keep up with the requirements to stay secure and compliant in the cloud. 

Why was the CCM created?
To respond to simplify the process of assessing the overall security risk of a cloud provider, CSA created the Cloud Control Matrix (CCM). The CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the best practices outlined in the CSA Security Guidance for Cloud Computing

The foundations of the CCM rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP and will augment or provide internal control direction for service organization control reports attestations provided by cloud providers.

Cloud Controls MatrixEnterprise ArchitectureSecurity GuidanceCAIQCCAKSTAR

Along with releasing updated versions of the CCM, this working group provides addendums, control mappings and gap analysis between the CCM and other research releases, industry standards, and regulations to keep it continually up to date.
Join Group

Next Meeting

Jan 21, 2021, 08:00AM PST
Join the Meeting


Working Group Leadership

Sean Cordero Headshot

Sean Cordero

Shawn Harris Headshot

Shawn Harris

Harry Lu Headshot

Harry Lu

Sean Estrada Headshot

Sean Estrada

Daniele Catteddu Headshot

Daniele Catteddu

Eleftherios Skoutaris Headshot

Eleftherios Skoutaris

Join the CCM working group

Cloud Controls Matrix

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Cloud Controls Matrix v4 (Coming Soon)

Cloud Controls Matrix v4 (Coming Soon)

The Cloud Controls Matrix (CCM) is a cybersecurity control framework and is considered the de-facto standard for cloud security and privacy. Version 4 of the CCM constitutes a significant upgrade to the previous version (v3.0.1) by introducing changes in structure of the framework with a new domain dedicated to Log and Monitoring (LOG), and a significant increase in requirements. Additional features of the version 3 update are: ensured coverage of requirements deriving from new cloud technologies, new controls and security responsibility matrix, improved auditability of the controls, and enhanced interoperability and compatibility 

Get notified once it’s released
Cloud Controls Matrix v3.0.1

Cloud Controls Matrix v3.0.1

The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.

Download CCM v3
CCM Translation in 10 Languages

CCM Translation in 10 Languages

CSA in the context of an agreement with OneTrust has translated the Cloud Control Matrix (CCM) v3.0.1 in 10 languages in order to facilitate their easier adoption by organizations in the corresponding countries. Provided translations are in: Spanish (ES), German (DE), French (FR), Italian (IT), Japanese (JA), Danish (DA), Dutch (NL), Portuguese (PT), Romanian (RO) and Swedish (SV).

Request to download
View All Research

Blog Posts

What is the Cloud Controls Matrix (CCM)?
Read Now
CCM Addendum for Associated Banks of Singapore
Read Now
What is a Cloud Service Provider?
Read Now

Press Coverage

Article TitleSourceDate
7 free GRC tools every compliance professional should know aboutSearch CompianceNovember 30, 2020
A Growing Digital Economy Means More Cybersecurity ChallengesForbesNovember 30, 2020