The Cloud Security Alliance Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing.

Tim Layton Photo

The latest release of CSA’s Cloud Controls Matrix is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology.

It is the single most comprehensive set of actionable enterprise cloud security controls available.

The CCM can be used as a tool for a best practice systematic assessment of your existing cloud implementation, and it also provides guidance on which security controls should be implemented by which actor (provider or consume) within the cloud supply chain.

The CCM controls framework is aligned to the CSA Security Guidance for Cloud Computing, and is considered a de-facto standard for cloud security assurance and compliance. The CSA Security Guidance document is one of the most valuable assets any cloud security professional can have in their tool bag. And, the best part is that it’s free!

The CSA Security Guidance for Cloud Computing is critical to understand if you are a cloud security professional, or aspiring to be one. It is also the foundation of the CCSK body of knowledge.

If you truly know the cloud security principles in the CSA Security Guidance document, then you are already miles ahead of your peers.

NOTE: ** Version 4 of the Cloud Controls Matrix (CCM) has been combined with the Consensus Assessment Initiative Questionnaire (CAIQ). You can read about the updates regarding CAIQ v4 on the CSA blog.

Get My Free Cloud Security Risk Management Journal

Which Cloud Security Domains Are Covered By The CCM?

The CCM Working Group

Interested in learning about and/or contributing to future versions of the Cloud Controls Matrix? Participate in peer reviews, surveys, or join the CCM. Working Group and be part of an elite team that is helping shape the future of cloud computing security.

Get My Free Cloud Security Risk Management Journal