The more complex systems become, the less secure they become, even though security technologies improve. With the proliferation of security certifications, industry standards and regulations it is becoming increasingly challenging to keep up with the requirements to stay secure and compliant in the cloud.
Why was the CCM created?
To respond to simplify the process of assessing the overall security risk of a cloud provider, CSA created the Cloud Control Matrix (CCM). The CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the best practices outlined in the CSA Security Guidance for Cloud Computing.
The foundations of the CCM rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP and will augment or provide internal control direction for service organization control reports attestations provided by cloud providers.
Cloud Controls MatrixEnterprise ArchitectureSecurity GuidanceCAIQCCAKSTAR
Along with releasing updated versions of the CCM, this working group provides addendums, control mappings and gap analysis between the CCM and other research releases, industry standards, and regulations to keep it continually up to date.
Cloud Controls Matrix
CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.
Cloud Controls Matrix v4 (Coming Soon)
The Cloud Controls Matrix (CCM) is a cybersecurity control framework and is considered the de-facto standard for cloud security and privacy. Version 4 of the CCM constitutes a significant upgrade to the previous version (v3.0.1) by introducing changes in structure of the framework with a new domain dedicated to Log and Monitoring (LOG), and a significant increase in requirements. Additional features of the version 3 update are: ensured coverage of requirements deriving from new cloud technologies, new controls and security responsibility matrix, improved auditability of the controls, and enhanced interoperability and compatibility
Cloud Controls Matrix v3.0.1
The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.
CCM Translation in 10 Languages
CSA in the context of an agreement with OneTrust has translated the Cloud Control Matrix (CCM) v3.0.1 in 10 languages in order to facilitate their easier adoption by organizations in the corresponding countries. Provided translations are in: Spanish (ES), German (DE), French (FR), Italian (IT), Japanese (JA), Danish (DA), Dutch (NL), Portuguese (PT), Romanian (RO) and Swedish (SV).
Press Coverage
Article Title | Source | Date |
---|---|---|
7 free GRC tools every compliance professional should know about | Search Compiance | November 30, 2020 |
A Growing Digital Economy Means More Cybersecurity Challenges | Forbes | November 30, 2020 |