Cloud Security Alliance Publishes Enhancement to Cloud Control Matrix

What is the Cloud Control Matrix (CCM)?

The Cloud Controls Matrix (CCM) is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider. The foundations of the Cloud Security Alliance Controls Matrix rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002/27017/27018, AICPA TSP, ISACA COBIT, PCI DSS, NIST SP800-53, Jericho Forum and many others and will augment or provide internal control direction for service organization control reports attestations provided by cloud providers.

Since its publication in 2010, the CCM has been continuously improved to keep up to date with changes to industry-accepted standards. The recently published C5 Addendum contains additional controls that serve to bridge the gap between CCM and the German Federal Office for Information Security (BSI) Compliance Controls Catalogue (C5).

EU-SEC Involvement

The work on C5 addendum was largely done in the context of the EU-SEC project, by consortium members PwC and CSA. Daniele Catteddu, Chief Technology Officer at CSA said, “This is a very good achievement for the project in terms of exploitation. We have worked together to produce a document that organizations will find useful for their cloud security compliance programs.”

CSA is currently inviting interested parties to give feedback on the CCM addenda. Take a look at their blog to find out more

About CSA

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.  

Related Links: