# CSA Cloud Controls Matrix (CCM)

# Acronyms, Abbreviations, and Initialisms

Short Form Full Form
CCM Cloud Controls Matrix
CSA Cloud Security Alliance

# Overview

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing.

It is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology. It can be used as a tool for the systematic assessment of a cloud implementation, and provides guidance on which security controls should be implemented by which actor within the cloud supply chain.

# Domains

  • A&A Audit & Assurance
  • AIS Application & Interface Security
  • BCR Business Continuity Management and Operational Resilience
  • CCC Change Control and Configuration Management
  • CEK Cryptography, Encryption & Key Management
  • DCS Datacenter Security
  • DSP Data Security and Privacy Lifecycle Management
  • GRC Governance, Risk and Compliance
  • HRS Human Resources Security
  • IAM Identity & Access Management
  • IPY Interoperability & Portability
  • IVS Infrastructure & Virtualization Security
  • LOG Logging and Monitoring
  • SEF Security Incident Management, E-Discovery, & Cloud Forensics
  • STA Supply Chain Management, Transparency, and Accountability
  • TVM Threat & Vulnerability Management
  • UEM Universal Endpoint Management

# Mappings

Mappings identify the equivalence, gaps, and misalignment between the control specifications of the CCM v4 and the following standards:

# Noteworthy

  • The CCM is composed of 197 control objectives that are structured in 17 domains.
  • The CCM provides guidance on which security controls should be implemented by which actor within the cloud supply chain.

# Sources