News: Latest News
Latest NewsCompaniesMarketsEconomy & ForexCommoditiesInterest RatesBusiness LeadersFinance Pro.CalendarSectors

Cloud Security Alliance Releases New Cloud Controls Matrix Auditing Guidelines

12/08/2021 | 11:06am EDT

Document provides auditors a baseline understanding of the CCM audit areas, allowing them to better perform a CCM-related audit and assessment

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released the Cloud Controls Matrix (CCM) Auditing Guidelines. Drafted by the CCM Working Group, this new addition to the Cloud Controls Matrix v4 contains a set of auditing guidelines tailored to the control specifications of each of the CCM’s 17 cloud security domains. This document provides auditors with a baseline understanding of the CCM audit areas, allowing them to better perform a CCM-related audit and assessment.

The guidelines are an extension of Chapter 7: CCM Auditing Guidelines found in the Certificate of Cloud Auditing Knowledge guide (specifically of subsection 7.5: CCM Audit Workbook) and were drafted to provide direction to:

  • auditors who plan to perform audits against the CCM on cloud service providers (CSPs)
  • cloud service customers (CSCs) using the CCM framework to evaluate their cloud service portfolio, and
  • CSPs or CSCs who intend to use the CCM framework to guide the design, development, and implementation of their cloud security controls.

“We are very excited about the work done with CCM v4. The auditing guidelines represent an additional aid for the organizations adopting CCM and will facilitate and streamline the execution of assessment based on CCM control. This document will clearly make it easier for companies to join the STAR Program,” said Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance.

“The guidelines have been drafted in such a way as to allow auditors to tailor various aspects to address their specific objectives and will support a cloud security audit or assessment, regardless of company's size, business, cloud deployment complexity, or maturity level. It’s hoped these guidelines will make it even easier for CSPs and CSCs, who are seeking secure implementation, assessment, and management of cloud services security risks, to determine where the responsibility for various aspects of security lie,” said Sanjeev Gupta, a lead author of the paper.

The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing, composed of 197 control objectives structured in 17 domains, covering all key aspects of the cloud technology. It can be used as a tool for the systematic assessment of a cloud implementation, and provides guidance on which security controls should be implemented by which actor within the cloud supply chain. The controls framework is aligned to the CSA Security Guidance for Cloud Computing and is considered a de-facto standard for cloud security assurance and compliance.

Along with releasing updated versions of the CCM and CAIQ, the Cloud Controls Matrix Working Group provides control mappings, gap analysis, and addendums between the CCM and other industry standards and regulations to keep it continually up to date. Those interested in participating in the working group or its research are invited to join.

Download the CCM Auditing Guidelines now.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at, and follow us on Twitter @cloudsa.

© Business Wire 2021
Latest news "Companies"
03:40ptrivago N.V. Announces Annual General Meeting of Shareholders
03:39pBANCO DO ESTADO DO RIO GRANDE DO SUL S A : Conference Call Transcription 1Q22
03:39pARTNET : African Nations Are More Present at the Venice Biennale Than Ever—But Not Always on Their Own Terms
03:38pExclusive - Stellantis unit FCA reaches plea deal in U.S. emissions probe - sources
03:36pAUTOLIV INC : Entry into a Material Definitive Agreement, Termination of a Material Definitive Agreement, Creation of a Direct Financial Obligation or an Obligation under an Off-Balance Sheet Arrangement of a Registrant, Financial Statements and Exhibits (form 8-K)
03:35pU.S. Oil investors back energy transition plans at shareholder meetings
03:33pICE REVIEW : Canola Weaker With World Vegoils
03:31pNORDEA BANK ABP : Repurchase of own shares on 25.05.2022
03:29pTHE TAKE : Bracing for Economic Downturn and How Tech Can Help
03:29pGLOBAL ARENA HOLDING, INC. Management's Discussion and Analysis of Financial Condition and Results of Operations (form 10-Q/A)
Latest news "Companies"