Working Group
Cloud Controls Matrix Working Group
Along with releasing updated versions of the CCM and CAIQ, this working group provides addendums, control mappings and gap analysis between the CCM and other research releases, industry standards, and regulations to keep it continually up to date.
View Current ProjectsCloud Controls Matrix and CAIQ v4
Working Group Leadership

David Nickles
AWS
David Nickles is a Global Audit Program Manager for FSI’s at Amazon Web Services (AWS). His work focuses on enabling financial services institutions to move their workloads to the cloud by providing sound guidance for building programs to ensure regulatory, governance, risk, compliance, audit, and security control requirements are met, align to industry best practices, and appropriate due diligence activity is completed. Prior to AWS, David...

Sean Cordero
Sean Cordero brings more than 15 years of information security and IT experience to his current role as director, information security at Optiv. Cordero provides executive level advisement for the company’s Fortune 50 clients. Cordero’s prior leadership roles included: President of Cloud Watchmen, CSO for EdFund, CSO for ECMC West, Director of Security and Compliance for Charlotte Russe.
Cordero is a thought-leader and serves as chair...

Daniele Catteddu
Chief Technology Officer, CSA
Daniele Catteddu is an information security and risk management practitioner, technologies expert and privacy evangelist with over 15 of experience. He worked in several senior roles both in the private and public sector. He is member of various national and international security expert groups and committees on cyber-security and privacy, keynote speaker at several conferences and author of numerous studies and papers on risk management, ...

Eleftherios Skoutaris
Program Manager / Research Analyst, CSA EMEA
This person does not have a biography listed with CSA.

Jon-Michael Brook
Jon-Michael C. Brook, Principal at Guide Holdings, LLC, has 20 years of experience in Information Security with such organizations as Raytheon, Northrop Grumman, Booz Allen Hamilton, Optiv Security and Symantec. Mr. Brook's work traverses the government, financial, healthcare, gaming, oil and gas and pharmaceutical industries. Mr. Brook obtained a number of industry certifications, including CISSP and CCSK, has patents and trade secrets in...
Publications in Review | Open Until |
---|---|
HSM-as-a-Service Use Cases, Considerations, and Best Practices | Dec 09, 2023 |
Glossary of Data Security Terms | Dec 28, 2023 |
CCMV4 SSRM Implementation Guidelines | Jan 04, 2024 |
Who can join?
Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.
What is the time commitment?
The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.
Virtual Meetings
Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.
Dec
6
CCMv4 WG
Additional info:
- Follow up on the latest CCM WG activities in Circle.
- If having issues finding the CCM WG, please follow the step by step guide to Circle on-boarding here.
- WG call meetings are recorded and made available to the rest of the group. The purpose of the recordings and their use is for the writing of meetings minutes and members in "difficult" time zones only. Please visit the "Data Protection Notice" document, which includes the purposes of use, retention period of audio files, etc.
Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://zoom.us/j/245687063
Meeting ID: 245 687 063
Passcode: 621643
One tap mobile
+16699009128,,245687063# US (San Jose)
+16465588656,,245687063# US (New York)
Dial by your location
+1 669 900 9128 US (San Jose)
+1 646 558 8656 US (New York)
Meeting ID: 245 687 063
Find your local number: https://zoom.us/u/ac16Mhvmr3
Dec
7
CCMv4 Workshop Sessions
In overall, the objective of this workshop meeting is to support the CCMv4 WG activities at a more granular level, allowing for smaller group discussions to enter deeper technical details in the ongoing works.
Scope & Objectives:
- Provide guidance to new members participating in the exercise,
- Allowing for participants involved in the mappings to meet up and discuss the consolidation of the provided inputs,
- Discuss and resolve any inquiries, issues, challenges pertaining to the mapping and gap analysis methodology followed,
- Benefit the project by enhancing the collaboration between CCM WG "mapping veterans" and new, less experienced members,
- Share the "know-how" for the proper interpretation and comparison analysis of controls' semantics,
- Obtain a deeper insight and better understanding of the CCMv4 and other international standards control specifications,
- Maintain a steady pace and progress towards the mappings development timeline and meet expected deadlines
Looking forward to lively and fruitful discussions.
Best,
Lefteris
──────────
Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://cloudsecurityalliance.zoom.us/j/94971976122?pwd=NFZsZ0haaU93dXZoc3ZrenZnZHpOQT09
Meeting ID: 949 7197 6122
Passcode: 204148
One tap mobile
+12532158782,,94971976122# US (Tacoma)
+13017158592,,94971976122# US (Germantown)
Dial by your location
+1 253 215 8782 US (Tacoma)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
+1 669 900 9128 US (San Jose)
Meeting ID: 949 7197 6122
Find your local number: https://cloudsecurityalliance.zoom.us/u/acGzvkc1Sr
──────────
Dec
14
CCMv4 Workshop Sessions
In overall, the objective of this workshop meeting is to support the CCMv4 WG activities at a more granular level, allowing for smaller group discussions to enter deeper technical details in the ongoing works.
Scope & Objectives:
- Provide guidance to new members participating in the exercise,
- Allowing for participants involved in the mappings to meet up and discuss the consolidation of the provided inputs,
- Discuss and resolve any inquiries, issues, challenges pertaining to the mapping and gap analysis methodology followed,
- Benefit the project by enhancing the collaboration between CCM WG "mapping veterans" and new, less experienced members,
- Share the "know-how" for the proper interpretation and comparison analysis of controls' semantics,
- Obtain a deeper insight and better understanding of the CCMv4 and other international standards control specifications,
- Maintain a steady pace and progress towards the mappings development timeline and meet expected deadlines
Looking forward to lively and fruitful discussions.
Best,
Lefteris
──────────
Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://cloudsecurityalliance.zoom.us/j/94971976122?pwd=NFZsZ0haaU93dXZoc3ZrenZnZHpOQT09
Meeting ID: 949 7197 6122
Passcode: 204148
One tap mobile
+12532158782,,94971976122# US (Tacoma)
+13017158592,,94971976122# US (Germantown)
Dial by your location
+1 253 215 8782 US (Tacoma)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
+1 669 900 9128 US (San Jose)
Meeting ID: 949 7197 6122
Find your local number: https://cloudsecurityalliance.zoom.us/u/acGzvkc1Sr
──────────
Dec
20
CCMv4 WG
Additional info:
- Follow up on the latest CCM WG activities in Circle.
- If having issues finding the CCM WG, please follow the step by step guide to Circle on-boarding here.
- WG call meetings are recorded and made available to the rest of the group. The purpose of the recordings and their use is for the writing of meetings minutes and members in "difficult" time zones only. Please visit the "Data Protection Notice" document, which includes the purposes of use, retention period of audio files, etc.
Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://zoom.us/j/245687063
Meeting ID: 245 687 063
Passcode: 621643
One tap mobile
+16699009128,,245687063# US (San Jose)
+16465588656,,245687063# US (New York)
Dial by your location
+1 669 900 9128 US (San Jose)
+1 646 558 8656 US (New York)
Meeting ID: 245 687 063
Find your local number: https://zoom.us/u/ac16Mhvmr3
Dec
21
CCMv4 Workshop Sessions
In overall, the objective of this workshop meeting is to support the CCMv4 WG activities at a more granular level, allowing for smaller group discussions to enter deeper technical details in the ongoing works.
Scope & Objectives:
- Provide guidance to new members participating in the exercise,
- Allowing for participants involved in the mappings to meet up and discuss the consolidation of the provided inputs,
- Discuss and resolve any inquiries, issues, challenges pertaining to the mapping and gap analysis methodology followed,
- Benefit the project by enhancing the collaboration between CCM WG "mapping veterans" and new, less experienced members,
- Share the "know-how" for the proper interpretation and comparison analysis of controls' semantics,
- Obtain a deeper insight and better understanding of the CCMv4 and other international standards control specifications,
- Maintain a steady pace and progress towards the mappings development timeline and meet expected deadlines
Looking forward to lively and fruitful discussions.
Best,
Lefteris
──────────
Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://cloudsecurityalliance.zoom.us/j/94971976122?pwd=NFZsZ0haaU93dXZoc3ZrenZnZHpOQT09
Meeting ID: 949 7197 6122
Passcode: 204148
One tap mobile
+12532158782,,94971976122# US (Tacoma)
+13017158592,,94971976122# US (Germantown)
Dial by your location
+1 253 215 8782 US (Tacoma)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
+1 669 900 9128 US (San Jose)
Meeting ID: 949 7197 6122
Find your local number: https://cloudsecurityalliance.zoom.us/u/acGzvkc1Sr
──────────
Dec
28
CCMv4 Workshop Sessions
In overall, the objective of this workshop meeting is to support the CCMv4 WG activities at a more granular level, allowing for smaller group discussions to enter deeper technical details in the ongoing works.
Scope & Objectives:
- Provide guidance to new members participating in the exercise,
- Allowing for participants involved in the mappings to meet up and discuss the consolidation of the provided inputs,
- Discuss and resolve any inquiries, issues, challenges pertaining to the mapping and gap analysis methodology followed,
- Benefit the project by enhancing the collaboration between CCM WG "mapping veterans" and new, less experienced members,
- Share the "know-how" for the proper interpretation and comparison analysis of controls' semantics,
- Obtain a deeper insight and better understanding of the CCMv4 and other international standards control specifications,
- Maintain a steady pace and progress towards the mappings development timeline and meet expected deadlines
Looking forward to lively and fruitful discussions.
Best,
Lefteris
──────────
Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://cloudsecurityalliance.zoom.us/j/94971976122?pwd=NFZsZ0haaU93dXZoc3ZrenZnZHpOQT09
Meeting ID: 949 7197 6122
Passcode: 204148
One tap mobile
+12532158782,,94971976122# US (Tacoma)
+13017158592,,94971976122# US (Germantown)
Dial by your location
+1 253 215 8782 US (Tacoma)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
+1 669 900 9128 US (San Jose)
Meeting ID: 949 7197 6122
Find your local number: https://cloudsecurityalliance.zoom.us/u/acGzvkc1Sr
──────────
Jan
3
CCMv4 WG
Additional info:
- Follow up on the latest CCM WG activities in Circle.
- If having issues finding the CCM WG, please follow the step by step guide to Circle on-boarding here.
- WG call meetings are recorded and made available to the rest of the group. The purpose of the recordings and their use is for the writing of meetings minutes and members in "difficult" time zones only. Please visit the "Data Protection Notice" document, which includes the purposes of use, retention period of audio files, etc.
Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://zoom.us/j/245687063
Meeting ID: 245 687 063
Passcode: 621643
One tap mobile
+16699009128,,245687063# US (San Jose)
+16465588656,,245687063# US (New York)
Dial by your location
+1 669 900 9128 US (San Jose)
+1 646 558 8656 US (New York)
Meeting ID: 245 687 063
Find your local number: https://zoom.us/u/ac16Mhvmr3
Jan
4
CCMv4 Workshop Sessions
In overall, the objective of this workshop meeting is to support the CCMv4 WG activities at a more granular level, allowing for smaller group discussions to enter deeper technical details in the ongoing works.
Scope & Objectives:
- Provide guidance to new members participating in the exercise,
- Allowing for participants involved in the mappings to meet up and discuss the consolidation of the provided inputs,
- Discuss and resolve any inquiries, issues, challenges pertaining to the mapping and gap analysis methodology followed,
- Benefit the project by enhancing the collaboration between CCM WG "mapping veterans" and new, less experienced members,
- Share the "know-how" for the proper interpretation and comparison analysis of controls' semantics,
- Obtain a deeper insight and better understanding of the CCMv4 and other international standards control specifications,
- Maintain a steady pace and progress towards the mappings development timeline and meet expected deadlines
Looking forward to lively and fruitful discussions.
Best,
Lefteris
──────────
Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://cloudsecurityalliance.zoom.us/j/94971976122?pwd=NFZsZ0haaU93dXZoc3ZrenZnZHpOQT09
Meeting ID: 949 7197 6122
Passcode: 204148
One tap mobile
+12532158782,,94971976122# US (Tacoma)
+13017158592,,94971976122# US (Germantown)
Dial by your location
+1 253 215 8782 US (Tacoma)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
+1 669 900 9128 US (San Jose)
Meeting ID: 949 7197 6122
Find your local number: https://cloudsecurityalliance.zoom.us/u/acGzvkc1Sr
──────────
Jan
11
CCMv4 Workshop Sessions
In overall, the objective of this workshop meeting is to support the CCMv4 WG activities at a more granular level, allowing for smaller group discussions to enter deeper technical details in the ongoing works.
Scope & Objectives:
- Provide guidance to new members participating in the exercise,
- Allowing for participants involved in the mappings to meet up and discuss the consolidation of the provided inputs,
- Discuss and resolve any inquiries, issues, challenges pertaining to the mapping and gap analysis methodology followed,
- Benefit the project by enhancing the collaboration between CCM WG "mapping veterans" and new, less experienced members,
- Share the "know-how" for the proper interpretation and comparison analysis of controls' semantics,
- Obtain a deeper insight and better understanding of the CCMv4 and other international standards control specifications,
- Maintain a steady pace and progress towards the mappings development timeline and meet expected deadlines
Looking forward to lively and fruitful discussions.
Best,
Lefteris
──────────
Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://cloudsecurityalliance.zoom.us/j/94971976122?pwd=NFZsZ0haaU93dXZoc3ZrenZnZHpOQT09
Meeting ID: 949 7197 6122
Passcode: 204148
One tap mobile
+12532158782,,94971976122# US (Tacoma)
+13017158592,,94971976122# US (Germantown)
Dial by your location
+1 253 215 8782 US (Tacoma)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
+1 669 900 9128 US (San Jose)
Meeting ID: 949 7197 6122
Find your local number: https://cloudsecurityalliance.zoom.us/u/acGzvkc1Sr
──────────
Jan
17
CCMv4 WG
Additional info:
- Follow up on the latest CCM WG activities in Circle.
- If having issues finding the CCM WG, please follow the step by step guide to Circle on-boarding here.
- WG call meetings are recorded and made available to the rest of the group. The purpose of the recordings and their use is for the writing of meetings minutes and members in "difficult" time zones only. Please visit the "Data Protection Notice" document, which includes the purposes of use, retention period of audio files, etc.
Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://zoom.us/j/245687063
Meeting ID: 245 687 063
Passcode: 621643
One tap mobile
+16699009128,,245687063# US (San Jose)
+16465588656,,245687063# US (New York)
Dial by your location
+1 669 900 9128 US (San Jose)
+1 646 558 8656 US (New York)
Meeting ID: 245 687 063
Find your local number: https://zoom.us/u/ac16Mhvmr3
Jan
18
CCMv4 Workshop Sessions
In overall, the objective of this workshop meeting is to support the CCMv4 WG activities at a more granular level, allowing for smaller group discussions to enter deeper technical details in the ongoing works.
Scope & Objectives:
- Provide guidance to new members participating in the exercise,
- Allowing for participants involved in the mappings to meet up and discuss the consolidation of the provided inputs,
- Discuss and resolve any inquiries, issues, challenges pertaining to the mapping and gap analysis methodology followed,
- Benefit the project by enhancing the collaboration between CCM WG "mapping veterans" and new, less experienced members,
- Share the "know-how" for the proper interpretation and comparison analysis of controls' semantics,
- Obtain a deeper insight and better understanding of the CCMv4 and other international standards control specifications,
- Maintain a steady pace and progress towards the mappings development timeline and meet expected deadlines
Looking forward to lively and fruitful discussions.
Best,
Lefteris
──────────
Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://cloudsecurityalliance.zoom.us/j/94971976122?pwd=NFZsZ0haaU93dXZoc3ZrenZnZHpOQT09
Meeting ID: 949 7197 6122
Passcode: 204148
One tap mobile
+12532158782,,94971976122# US (Tacoma)
+13017158592,,94971976122# US (Germantown)
Dial by your location
+1 253 215 8782 US (Tacoma)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
+1 669 900 9128 US (San Jose)
Meeting ID: 949 7197 6122
Find your local number: https://cloudsecurityalliance.zoom.us/u/acGzvkc1Sr
──────────
Jan
25
CCMv4 Workshop Sessions
In overall, the objective of this workshop meeting is to support the CCMv4 WG activities at a more granular level, allowing for smaller group discussions to enter deeper technical details in the ongoing works.
Scope & Objectives:
- Provide guidance to new members participating in the exercise,
- Allowing for participants involved in the mappings to meet up and discuss the consolidation of the provided inputs,
- Discuss and resolve any inquiries, issues, challenges pertaining to the mapping and gap analysis methodology followed,
- Benefit the project by enhancing the collaboration between CCM WG "mapping veterans" and new, less experienced members,
- Share the "know-how" for the proper interpretation and comparison analysis of controls' semantics,
- Obtain a deeper insight and better understanding of the CCMv4 and other international standards control specifications,
- Maintain a steady pace and progress towards the mappings development timeline and meet expected deadlines
Looking forward to lively and fruitful discussions.
Best,
Lefteris
──────────
Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://cloudsecurityalliance.zoom.us/j/94971976122?pwd=NFZsZ0haaU93dXZoc3ZrenZnZHpOQT09
Meeting ID: 949 7197 6122
Passcode: 204148
One tap mobile
+12532158782,,94971976122# US (Tacoma)
+13017158592,,94971976122# US (Germantown)
Dial by your location
+1 253 215 8782 US (Tacoma)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
+1 669 900 9128 US (San Jose)
Meeting ID: 949 7197 6122
Find your local number: https://cloudsecurityalliance.zoom.us/u/acGzvkc1Sr
──────────
Jan
31
CCMv4 WG
Additional info:
- Follow up on the latest CCM WG activities in Circle.
- If having issues finding the CCM WG, please follow the step by step guide to Circle on-boarding here.
- WG call meetings are recorded and made available to the rest of the group. The purpose of the recordings and their use is for the writing of meetings minutes and members in "difficult" time zones only. Please visit the "Data Protection Notice" document, which includes the purposes of use, retention period of audio files, etc.
Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://zoom.us/j/245687063
Meeting ID: 245 687 063
Passcode: 621643
One tap mobile
+16699009128,,245687063# US (San Jose)
+16465588656,,245687063# US (New York)
Dial by your location
+1 669 900 9128 US (San Jose)
+1 646 558 8656 US (New York)
Meeting ID: 245 687 063
Find your local number: https://zoom.us/u/ac16Mhvmr3
Feb
1
CCMv4 Workshop Sessions
In overall, the objective of this workshop meeting is to support the CCMv4 WG activities at a more granular level, allowing for smaller group discussions to enter deeper technical details in the ongoing works.
Scope & Objectives:
- Provide guidance to new members participating in the exercise,
- Allowing for participants involved in the mappings to meet up and discuss the consolidation of the provided inputs,
- Discuss and resolve any inquiries, issues, challenges pertaining to the mapping and gap analysis methodology followed,
- Benefit the project by enhancing the collaboration between CCM WG "mapping veterans" and new, less experienced members,
- Share the "know-how" for the proper interpretation and comparison analysis of controls' semantics,
- Obtain a deeper insight and better understanding of the CCMv4 and other international standards control specifications,
- Maintain a steady pace and progress towards the mappings development timeline and meet expected deadlines
Looking forward to lively and fruitful discussions.
Best,
Lefteris
──────────
Eleftherios Skoutaris is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://cloudsecurityalliance.zoom.us/j/94971976122?pwd=NFZsZ0haaU93dXZoc3ZrenZnZHpOQT09
Meeting ID: 949 7197 6122
Passcode: 204148
One tap mobile
+12532158782,,94971976122# US (Tacoma)
+13017158592,,94971976122# US (Germantown)
Dial by your location
+1 253 215 8782 US (Tacoma)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
+1 669 900 9128 US (San Jose)
Meeting ID: 949 7197 6122
Find your local number: https://cloudsecurityalliance.zoom.us/u/acGzvkc1Sr
──────────
Open Peer Reviews
Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.