# CSA Cloud Controls Matrix (CCM)
# Acronyms, Abbreviations, and Initialisms
# Overview
The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing.
It is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology. It can be used as a tool for the systematic assessment of a cloud implementation, and provides guidance on which security controls should be implemented by which actor within the cloud supply chain.
# Domains
- A&A Audit & Assurance
- AIS Application & Interface Security
- BCR Business Continuity Management and Operational Resilience
- CCC Change Control and Configuration Management
- CEK Cryptography, Encryption & Key Management
- DCS Datacenter Security
- DSP Data Security and Privacy Lifecycle Management
- GRC Governance, Risk and Compliance
- HRS Human Resources Security
- IAM Identity & Access Management
- IPY Interoperability & Portability
- IVS Infrastructure & Virtualization Security
- LOG Logging and Monitoring
- SEF Security Incident Management, E-Discovery, & Cloud Forensics
- STA Supply Chain Management, Transparency, and Accountability
- TVM Threat & Vulnerability Management
- UEM Universal Endpoint Management
# Mappings
Mappings identify the equivalence, gaps, and misalignment between the control specifications of the CCM v4 and the following standards:
- ISO/IEC 27001
- ISO/IEC 27002
- ISO/IEC 27017
- ISO/IEC 27018
- CCM v3.0.1
- AICPA TSC
- CIS Controls v8
- NIST 800-53 Rev. 5
- PCI DSS v3.2.1
# Noteworthy
- The CCM is composed of 197 control objectives that are structured in 17 domains.
- The CCM provides guidance on which security controls should be implemented by which actor within the cloud supply chain.
# Sources
- https://cloudsecurityalliance.org/research/cloud-controls-matrix
- https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4