Working Group

Cloud Controls Matrix

Introduction

The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the Cloud Security Alliance Controls Matrix rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP and will augment or provide internal control direction for service organization control reports attestations provided by cloud providers.

Artifacts

CCM v3.0.1 Addendum - FedRAMP Moderate

This document is an addendum to the CCM V3.0.1 that contain controls mapping between the CSA CCM and the FedRAMP R4 Moderate Baseline. The...

CSA CCM v3.0.1 Addendum - NIST 800-53 Rev 4 Moderate

This document is an addendum to the CCM V3.0.1 that contain controls mapping between the CSA CCM and the NIST 800-53 R4 Moderate Baseline. Th...

CSA CCM v3.0.1 Addendum - AICPA TSC 2017

This document is an addendum to the CCM V3.0.1 that contain controls mapping between the CSA CCM and the AICPA TSC 2017. The document aims to...

CCM v3.0.1-080319

The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provid...

CCM Mapping Workpackage Template

This document is the companion document to the Methodology for the Mapping of the Cloud Controls Matrix (CCM). It is a CCM mapping workpackag...

CCM v3.0.1 Addendum - BSI Germany C5 v1

This document is an addendum to the Cloud Controls Matrix (CCM) V3.0.1 controls. It contains the additional controls that serves to bridge ...

CCM v3.0.1 Addendum - ISO 27002 27017 27018 v1.1

This document is an addendum to the Cloud Controls Matrix (CCM) V3.0.1 controls. It contains the additional controls that serves to bridge ...

CCM v3.0 - Chinese Translation

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud custo...

CCM Mapping Methodology

Description: The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors an...

Cloud Controls Matrix v3.0.1

Description: The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulation...

AOSSL and CCM Technote

Cloud Controls Matrix v3.0.1 Info Sheet

Cloud Controls Matrix v3.0.1 (July 2014)

New and updated mappings, consolidation of redundant controls, rewritten controls for clarity of intent, STAR enablement, and SDO alignment.

Cloud Controls Matrix v3.0

Cloud Controls Matrix (CCM) Version 3.0, is a comprehensive update to the industry’s gold standard for assessing cloud centric information se...

Cloud Controls Matrix v1.4

Cloud Controls Matrix v1.3

Cloud Controls Matrix v1.2

Cloud Controls Matrix V1.1

Cloud Controls Matrix V1.01

Cloud Controls Matrix V1.0

Read the Blog

Open Peer Reviews

Artifact reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Learn more

Next Meeting

Join See all Meetings

See all Meetings

Leadership

Jonathan Trull is the Global Director for the Microsoft Cybersecurity Solutions Group. Jonathan leads Microsoft’s team of worldwide security advisors and cloud security architects who provide strat...

Jonathan Trull

Sean Cordero brings more than 15 years of information security and IT experience to his current role as director, information security at Optiv. Cordero provides executive level advisement for the ...

Sean Cordero

Shawn Harris has over 25 years of Information Security experience. He is currently the managing principal security architect at Starbucks Coffee Company. Shawn’s background includes engineering, ...

Shawn Harris

Harry Lu brings perspectives of Cloud Security from the professional services industry. He is currently a manager with the PwC Cybersecurity practice. Being part of the PwC Cloud Security Team, Har...