Essential Guide

Browse Sections

How to evaluate cloud providers
The realities of working with a cloud provider
Cloud provider metrics and controls
Expert advice for potential CSP customers
- Guard security with a careful cloud provider evaluation
- What cloud providers' customers must know about security standards and provider visibility
Do you know cloudspeak?

BACKGROUND IMAGE: iSTOCK/GETTY IMAGES

This content is part of the Essential Guide: How to evaluate, choose and work securely with cloud service providers

Definition

Cloud Controls Matrix

WhatIs.com

Contributor(s): Marcia Savage

The Cloud Controls Matrix (CCM) is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider.

The Cloud Controls Matrix is aligned with CSA’s guidance in 16 security domains, including application security, identity and access management, mobile security, encryption and key management and data center operations. CCM, which is part of the CSA Governance, Risk and Compliance (GRC) Stack, is mapped to multiple industry standards, regulations and frameworks that enterprises must follow, including ISO 27001/27002, PCI DSS, HIPAA and COBIT.

CCM v3.0.1 is available as a free download to help companies evaluate cloud providers and guide security efforts. The matrix can also be used by cloud providers who wish to submit themselves to the CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by cloud computing service providers.

The Cloud Controls Matrix is designed to align well with the Consensus Assessments Initiative Questionnaire (CAIQ), a yes/no question set for identifying specific topics that a customer may want to discuss with potential cloud service providers.

This was last updated in July 2014

Continue Reading About Cloud Controls Matrix

Cloud security standards provide assessment guidelines

CSA on its Cloud Controls Matrix

CSA cloud provider registry aims to boost cloud transparency

CSA licenses cloud transparency tool from CSC

CSA Cloud Controls Matrix page

Dig Deeper on Cloud Computing Frameworks and Standards

CAIQ (Consensus Assessments Initiative Questionnaire) The Consensus Assessments Initiative Questionnaire (CAIQ) is a survey provided by the Cloud Security Alliance (CSA) for cloud consumers and auditors to assess the security capabilities of a cloud service provider.

How can enterprises use SOC 2 reports to evaluate cloud providers? Enterprises can use SOC 2 reports to evaluate cloud service providers. Expert Matthew Pascucci discusses the effectiveness of doing so, and what else companies can use.

How to achieve better cloud security for your enterprise Better security in the cloud is possible. Learn what national standards and the CSA can do, what they cannot and how to plug the security gap.

CSA releases new Cloud Controls Matrix and CAIQ standards The Cloud Security Alliance has updated its Cloud Controls Matrix (CCM) and Consensus Assessments Questionnaire (CAIQ) to help enterprises standardize cloud provider security assessments.

CloudTrust Protocol (CTP) The CloudTrust Protocol or CTP is a mechanism that helps cloud service customers request and retrieve standardized inquiries about cloud provider transparency.

CSA STAR analysis: Processes for cloud provider security evaluation Security expert Ed Moyle explains the CSA STAR certification program and how enterprises can use it to improve cloud provider security evaluations.

Essential Guide

Cloud Controls Matrix

Continue Reading About Cloud Controls Matrix

Dig Deeper on Cloud Computing Frameworks and Standards

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchSecurity

DOJ takes action against Dridex malware group, Evil Corp

Session cookie mishap exposed HackerOne private reports

NSS Labs drops antitrust suit against AMTSO, Symantec and ESET

SearchCloudComputing

Review these Azure Service Bus best practices

Instill cloud change management best practices

How much cloud does an IT disaster recovery plan need?

SearchAWS

Overcome these VMware Cloud on AWS migration challenges

New AWS cost management tool, instance tactics to cut cloud bills

A complete guide to AWS re:Invent 2019

SearchCloudApplications

SearchServerVirtualization

How to deploy graphics devices using Hyper-V DDA

Learn to integrate VMs and containers in your data center

Dockerfile commands for containerizing applications

SearchVMware

The key VMware acquisitions and announcements in 2019

VMware Cloud on AWS cost and capabilities -- then vs. now

VMware HCX improves VM mobility between vSphere clusters

ComputerWeekly.com

FCO to boost cloud analysis setup

Tories plan electronic visa waiver for EU citizens

Dutch government must sort IT mess as priority

Continue Reading About Cloud Controls Matrix

Related Terms

Dig Deeper on Cloud Computing Frameworks and Standards

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.

File Extensions and File Formats