CSA Cloud Controls Matrix (CCM)

Cloud Controls Matrix (CCM)

The Cloud Security Alliance CCM is a framework that provides fundamental security principles to guide cloud vendors and to assist cloud customers and potential customers in assessing the overall security risk of a cloud provider. It sets out control guidance by service provider and consumer, and by cloud model type and environment. CCM version 3.0.1 provides controls framework in 16 domains consisting a total of 133 controls that are cross-walked to other industry-accepted security standards, regulations, and controls frameworks (including NIST SP800-53r3, ISO 27001/27002,PCI DSS, COBIT 5.0, AICPA Trust Services Criteria, HIPAA/HITECH). The CCM 16 domains are listed below:

The latest version of the CCM (CCM v 4.0.1)  has 197 control objectives that are categorized into 17 domains, as shown in the table below:

Our Related Services

Our team of experienced consultants can assist in the following areas:

  • Establishing a compliance management solution for ongoing monitoring, maintenance, and maturation of your cloud cybersecurity management program

  • Using the Cloud Controls Matrix to evaluate and document your organization security controls to complete the Consensus Assessments Initiative Questionnaire (CAIQ) for CSA STAR Self-assessment

  • Providing gaps analysis report with recommendations on how to close identified gaps in readiness for STAR attestation

  • Improving related business processes, and developing or enhancing necessary security policies and procedures

  • Performing SOC 2 + CSA STAR Attestation

Give us a call at 954-362-7113 or schedule an appointment for a free consultation to get started.

More about other frameworks and standards
NIST SP800-53
NIST Cybersecurity Framework (CSF)
ISO/IEC 27001/27002
Payment Cards Industry Data Security Standard (PCI DSS)
Cybersecurity Maturity Model Certification (CMMC) 2.0 Framework
SWIFT Customer Security Controls Framework
General Data Protection Regulation (GDPR)