Cloud 101CircleEventsBlog
Participate in the CSA Top Threats to Cloud Computing 2025 peer review to help shape industry insights!

Working Group

Continuous Assurance Metrics

The Continuous Assurance Metrics working group aims to define a catalogue of security attributes and their corresponding metrics, derived from the CSA Cloud Controls Matrix (CCM), which can be used as a reference for auditors, cloud service providers, cloud customers and security solution vendors that wish to engage in continuous audit-based self-assessments or certifications.
View Current Projects
The Continuous Audit Metrics Catalog
The Continuous Audit Metrics Catalog

Download

Continuous Assurance Metrics
Working Group Overview

The Continuous Assurance Metrics working group aims to define a catalogue of security attributes and their corresponding metrics, derived from the CSA Cloud Controls Matrix (CCM), which can be used as a reference for auditors, cloud service providers, cloud customers and security solution vendors that wish to engage in continuous audit-based self-assessments or certifications.


Drafts & Important Docs

Working Group Leadership

Hafiz Sheikh Adnan Ahmed
Hafiz Sheikh Adnan Ahmed

Hafiz Sheikh Adnan Ahmed

Hafiz Sheikh Adnan Ahmed is a futurist and technology/Security leader with 17+ years track record in the areas of ICT Governance, Cyber Security & Resilience, Data Privacy & Protection, Risk Management, Corporate Excellence & Innovation, Digital Transformation, Strategic Transformation.

Read more

Max Pritikin
Max Pritikin

Max Pritikin

Principal Engineer, Cisco

Publications in ReviewOpen Until
AICM mapping to BSI AI C4 CatalogMar 24, 2025
CCMv4.0 Mapping to HITRUST CSF v11.3Mar 25, 2025
SaaS Technical Controls Final DraftApr 03, 2025
The State of Data Privacy EngineeringApr 12, 2025
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Virtual Meetings

Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.

No scheduled meetings for this working group in the next 60 days.

See Full Calendar for this Working Group

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

AICM mapping to BSI AI C4 Catalog

Open Until: 03/24/2025

The AICM to BSI AI C4 Mapping initiative aims to ensure a comprehensive alignment between the CSA AI Controls Matrix (AICM)...

CCMv4.0 Mapping to HITRUST CSF v11.3

Open Until: 03/25/2025

The Cloud Security Alliance (CSA), would like to announce an additional ma...

SaaS Technical Controls Final Draft

Open Until: 04/03/2025

The Cloud Security Alliance (CSA), in collaboration with MongoDB, GuidePoint Security, and the SaaS Working Group, is invit...

The State of Data Privacy Engineering

Open Until: 04/12/2025

This paper provides a comprehensive overview of Data Privacy Engineering (DPE), its importance, and its application in toda...