The Cloud Controls Matrix (CCM) is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider.
CCM is available for free download to help companies evaluate cloud providers and guide security efforts. Security remains a top concern for enterprises as they adopt cloud computing, and the Cloud Controls Matrix is an attempt to bridge the gap and provide a standard for security measures implemented in the cloud.
The Cloud Controls Matrix is part of a set of cloud computing standards from the Cloud Security Alliance called the GRC Stack. The toolkit includes CloudAudit, the Cloud Trust Protocol and the Consensus Assessments Initiative Questionnaire, a set of questions a cloud customer can ask a cloud provider to gauge its security. The Cloud Controls Matrix is aligned with the Cloud Security Alliance’s guidance in 13 security domains such as application security, identity and access management and data center operations and is mapped to multiple industry standards, regulations and frameworks that enterprises must follow, including ISO 27001/27002, PCI DSS, HIPAA and COBIT.
The Cloud Security Alliance released Version 2.1 of its Cloud Controls Matrix in August 2011.