The CSA Cloud Controls Matrix (CCM) Verion 3 is a cybersecurity control framework for cloud computing, currently composed of 133 control objectives that are structured in 16 domains covering all key aspects of the cloud technology. It can be used as a tool for the systematic assessment of a cloud implementation, and provides guidance on which security controls should be implemented by which actor within the cloud supply chain.
The controls framework is currently considered a de-facto standard for cloud security assurance and compliance. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. The foundations of the CCM rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP and will augment or provide internal control direction for service organization control reports attestations provided by cloud providers.
A Working Group was created and entrusted with releasing updated versions of the CCM. This working group provides addendums, control mappings and gap analysis between the CCM and other research releases, industry standards, and regulations to keep it continually up to date. And, I am honored to be a part of this working group.
To quote Daniele Catteddu, CTO, Cloud Security Alliance – The new CCM will include new additional controls and enhanced versions of existing ones, so to better reflect the evolution of the cloud landscape both in terms of technology and legal & regulatory environment and to ensure better auditability.
The CCM v4 will have 17 domains, compared to the 16 of v3.0.1, and about 50% more controls, from 133 controls to approximately 197 controls. Isn’t that great?
The new CCM controls will be accompanied by the mapping with the following standards (release date February’20):
- ISO/IEC 27001-2013
- ISO/IEC 27017-2015
- ISO/IEC 27018-2019
- AICPA TSC v2017
- CCM V3.0.1
The release date for Cloud Control Matrix (CCM) Version 4 is set to be 19th January’21.
Do checkout CSA official website for the same.