SEATTLE – (COMMERCIAL THREAD) – The Cloud Security Alliance (CSA), the leading global organization dedicated to setting standards, certifications and best practices to help ensure a secure cloud computing environment, today announced the availability of version 4 of the Cloud Controls Matrix (CCM), a leading cybersecurity framework for cloud computing. CCM v4 includes additional controls related to cloud security and privacy and encompasses coverage of requirements arising from new cloud technologies, improved auditability of controls, improved interoperability and compatibility with other standards, and offerings of support to navigate the shared responsibility model of the cloud.
CCM is a cybersecurity control framework for cloud computing that aligns with CSA best practices and is considered the de facto standard for cloud security and privacy. CCM v4 is a significant upgrade from the previous version (v3.0.1): it changes the framework structure with a new dedicated domain for Logging and Monitoring (LOG), and it changes existing domains, including governance, risk and compliance (GRC); audit and assurance (A&A); unified endpoint management (UEM); and cryptography, encryption and key management (CEK).
“CSA’s Cloud Controls Matrix continues to lead the security industry and market as the cloud provider and user-centric control framework of choice. With an increasingly complex array of cloud technologies, controls and frameworks, it is essential that cloud customers have a clear and definitive idea of the risks, roles and responsibilities facing themselves and the cloud service provider they chose must join,” said Jim Reavis, co-founder and CEO, Cloud Security Alliance.
CCMv4 was developed by an expert group of more than 70 practitioners and industry leaders representing key cloud stakeholders, including cloud service providers, cloud customers, auditors, and consulting firms. It has 17 domains, one more than the previous iteration, and a total of 197 controls (up from 133). At the beginning of February, the 64 new controls will be accompanied by mappings to ISO/IEC 27001-2013, ISO/IEC 27017-2015, ISO/IEC 27018-2019, AICPA TSC v2017 and CCM v3.0.1.
“The world is changing at a breakneck pace, and cloud security providers must not only keep pace, but also stay ahead of the curve. CCMv4 provides businesses with an additional layer of transparency and confidence that their CSPs are following recommended security best practices,” said Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance.
In addition to the core set of controls, CCMv4 will deploy additional components over the coming year:
- CCM Implementation Guidelines: Guidance to support the implementation of CCM controls. (Provisional release date: early Q2 2021).
- Consensus Assessment Initiative Questionnaire (CAIQ): Questionnaire relating to CCM controls. (Provisional release date: early Q2 2021)
- Matrix of applicability of controls: Support to define the assignment of responsibilities between cloud service providers and customers. (Provisional release date: start of second quarter 2021)
- Organizational relevance: Support for defining the organizational relevance of each control based on the work of the CSA Enterprise Architecture working group. (Provisional release date: start of second quarter 2021)
- CCM audit guidelines: Guidance to support the audit and evaluation of CCM controls. (Provisional release date: start of third quarter 2021)
- CCM Lite: A lite version of CCM, comprising a subset of CCM controls that represent the core controls of the CCM, that is, those that organizations must implement independently. (Provisional release date: start of fourth quarter 2021)
- Translation of CCM into other languages
Beyond the above initiatives, CSA will work during 2021 to create further mappings to relevant standards, best practices, laws and regulations (e.g. NIST 800-53 Rev 5, ENISA Security Controls for Cloud Services, CIS Controls, PCI-DSS).
The CCMv4 is a free resource and can be downloaded now.
About the Cloud Security Alliance
The Cloud Security Alliance (CSA) is the leading global organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA draws on the subject matter expertise of industry practitioners, associations, governments and its individual companies and members to deliver research, training, certifications, events and products specific to cloud security. CSA’s business, knowledge and vast network benefit the entire cloud-affected community, from suppliers and customers to governments, entrepreneurs and the insurance industry – and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For more information, visit us at www.cloudsecurityalliance.org and follow us on Twitter @cloudsa.