Definition

Cloud Controls Matrix

Contributor(s): Marcia Savage
This definition is part of our Essential Guide: How to evaluate, choose and work securely with cloud service providers

The Cloud Controls Matrix (CCM) is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider.

The Cloud Controls Matrix is aligned with CSA’s guidance in 16 security domains, including application security, identity and access management, mobile security, encryption and key management and data center operations. CCM, which is part of the CSA Governance, Risk and Compliance (GRC) Stack, is mapped to multiple industry standards, regulations and frameworks that enterprises must follow, including ISO 27001/27002, PCI DSS, HIPAA and COBIT.
 

CCM v3.0.1 is available as a free download to help companies evaluate cloud providers and guide security efforts. The matrix can also be used by cloud providers who wish to submit themselves to the CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by cloud computing service providers.

 

The Cloud Controls Matrix is designed to align well with the Consensus Assessments Initiative Questionnaire (CAIQ), a yes/no question set for identifying specific topics that a customer may want to discuss with potential cloud service providers.

See also: cloud computing maturity model

This was last updated in July 2014

Continue Reading About Cloud Controls Matrix

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchSecurity

SearchCloudComputing

SearchAWS

SearchCloudApplications

SearchServerVirtualization

SearchVMware

ComputerWeekly.com

Close