Definition

Cloud Controls Matrix

Contributor(s): Marcia Savage

The Cloud Controls Matrix (CCM) is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider.

The Cloud Controls Matrix is aligned with CSA’s guidance in 16 security domains, including application security, identity and access management, mobile security, encryption and key management and data center operations. CCM, which is part of the CSA Governance, Risk and Compliance (GRC) Stack, is mapped to multiple industry standards, regulations and frameworks that enterprises must follow, including ISO 27001/27002, PCI DSS, HIPAA and COBIT.

CCM v3.0.1 is available as a free download to help companies evaluate cloud providers and guide security efforts. The matrix can also be used by cloud providers who wish to submit themselves to the CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by cloud computing service providers.

The Cloud Controls Matrix is designed to align well with the Consensus Assessments Initiative Questionnaire (CAIQ), a yes/no question set for identifying specific topics that a customer may want to discuss with potential cloud service providers.

This was last updated in July 2014

Continue Reading About Cloud Controls Matrix

Cloud security standards provide assessment guidelines

CSA on its Cloud Controls Matrix

CSA Cloud Controls Matrix page

Dig Deeper on Cloud Computing Frameworks and Standards

SearchSecurity

Cloud Controls Matrix

Continue Reading About Cloud Controls Matrix

Dig Deeper on Cloud Computing Frameworks and Standards

7 free GRC tools every compliance professional should know about

Understanding the CSA Cloud Controls Matrix and CSA CAIQ

CAIQ (Consensus Assessments Initiative Questionnaire)

Cloud Security Alliance (CSA)

SearchSecurity

Standardize cybersecurity terms to get everyone correct service

SolarWinds breach news center

Adopting threat hunting techniques, tactics and strategy

SearchCloudComputing

IBM acquisition spree targets hybrid cloud consulting market

How to choose between IaaS and SaaS cloud models

COVID-19 and remote work shift cloud predictions for 2021

SearchAWS

Amazon's impact on publishing transforms the book industry

How Amazon and COVID-19 influence 2020 seasonal hiring trends

New Amazon grocery stores run on computer vision, apps

SearchServerVirtualization

What's the difference between Type 1 vs. Type 2 hypervisor?

OpenShift Virtualization 2.5 simplifies VM modernization

Get to know Oracle VM VirtualBox 6.1 and learn to install it

SearchVMware

Inside VMware Cloud Foundation components in 4.0

VMware enhances NSX-T 3.0 to ease networking

The new features of vSphere 7 DRS

ComputerWeekly.com

Vodafone unveils ‘instant’ Wi-Fi

BT connects Dutch diplomatic missions

Nine out of 10 UK card payments in 2020 were contactless

Continue Reading About Cloud Controls Matrix

Related Terms

Dig Deeper on Cloud Computing Frameworks and Standards

7 free GRC tools every compliance professional should know about

Understanding the CSA Cloud Controls Matrix and CSA CAIQ

CAIQ (Consensus Assessments Initiative Questionnaire)

Cloud Security Alliance (CSA)