logo
logo
Community
Pricing
Sign in
menu-h
  1. Computer and Network Security/
  2. Cryptography

WHAT IS CLOUD CONTROLS MATRIX?

avatar
Ishaan Chaudhary
WHAT IS CLOUD CONTROLS MATRIX?

The Cloud Security Alliance (CSA) has developed a cybersecurity control architecture called the Cloud Controls Matrix (CCM). It's a spreadsheet detailing sixteen categories that span all of the important facets of cloud computing. A total of 133 individual control goals are spread throughout the various domains. By outlining which actors in the cloud supply chain should be responsible for implementing particular security measures, it may be used as a tool for systematic assessment of cloud deployment. Aligned with Security Guidance v4, the controls architecture is widely accepted as an industry benchmark for cloud security assurance and compliance. You may find CCM v3 localizations here.

 

Cloud certification courses will add more value to your resume.

 


STANDARDIZE CONTROLS, REGULATIONS, AND STANDARDS

The CCM controls are matched to widely used security frameworks, policies, and standards. The CCM v4 is currently mapped to the following:


  • ISO/IEC 27001/27002/27017/27018
  • CCM V3.0.1
  • CIS Controls V8.
  • Additional mappings for AICPA TSC, PCI-DSS and NIST 8-53 Rev.5 are under development and other new mappings will also be added in the future.

 

The previous version of the CCM v3.0.1 is mapped to the following standards:


  • ISO 27001/27002/27017/27018
  • NIST SP 800-53
  • AICPA TSC
  • German BSI C5
  • PCI DSS
  • ISACA COBIT
  • NERC CIP
  • FedRamp
  • CIS

·

And many others...

 

 

HOW DOES IT WORK?


Common standards and laws that enterprises must follow are included in the Cloud Controls Matrix, a spreadsheet. Fulfilling the CCM controls also satisfies the requirements of the standards and regulations to which they map. By consolidating the most popular cloud standards into a single location, it lowers the need for using various frameworks and makes cloud security easier to implement. The user is dynamically able to examine, for each control, the various criteria it meets. For instance, meeting the requirements of three separate rules and frameworks may be accomplished by just being in conformance with a single control.

Each control in the CCM specifies the cloud model type (IaaS, PaaS, SaaS) or cloud network environment (public, hybrid, private) to which it applies and who is responsible for enforcing the rule (the CSP or cloud customer). By outlining which control advice is applicable to a cloud service provider and a cloud client, the CCM helps to define the respective duties of each.


FOR CLOUD CUSTOMERS


Evaluate Cloud Service Providers Using the CCM or Use it in Lieu of a Request for Proposal.

Similar to the CCM, the Consensus Assessments Initiative Questionnaire (CAIQ) presents a list of yes/no questions that a cloud user or auditor would want to ask a cloud service. Using the CCM's security controls as a guide, the questions may be used to compile evidence of the presence or absence of security controls in a provider's IaaS, PaaS, and SaaS services. In order to get greater security, several businesses utilize the CAIQ as a foundation for a request for proposal (RFP). The veracity of a vendor's responses during the RFP interview may then be checked by the requesting organization. As of right now, the CAIQ has been adopted by more than 500 different organizations for use in submitting STAR registry self-assessments.

 

 

FOR CLOUD SOLUTION PROVIDERS (CSPS)


Make Use of the CCM When Submitting to the CSA's Database

Security posture ratings on the Security, Trust, Assurance, and Risk (STAR) registry are compared to the CCM. The STAR program advocates for certifications to be adaptable, gradual, and multi-layered, with the ability to interact with widely used third-party examinations to cut down on unnecessary time and money spent. Providers of security services may prove their firm's adherence to applicable policies, guidelines, and frameworks by completing the CCM-aligned portion of an extended question set. Providers should submit the finalized CAIQ to the STAR Registry so that it may be accessed by the general public.

 

Several reputed institutes now offer cloud computing online courses too.

 


SECURITY DOMAINS COVERED BY THE CCM

The latest version of the CSA Cloud Controls Matrix, version 4.0, is presently under development. Changes to the framework's structure, including the addition of a new domain for Log and Monitoring (LOG), and tweaks to the current domains make CCM v.4 a substantial improvement over its predecessor, version 3.0.1. (GRC, A&A, UEM, CEK). As a consequence of creating new controls and improving upon old ones, this revision will also bring with it a substantial rise in requirements.

 

The CCM v.4 version also includes the following new capabilities:


Protection against gaps in service caused by the emergence of new cloud computing standards

Matrix of new responsibilities and controls for cyber security

Controls that are more easily audited and that work better with other standards in terms of interoperability and compatibility.

 

Updated in version 4, the Cloud Controls Matrix (CCM) now includes coverage in the following areas:


  • Application & Interface Security
  • Audit and Assurance
  • Business Continuity Mgmt & Op Resilience
  • Change Control & Configuration Management
  • Data Security & Privacy Lifecycle Management
  • Datacenter Security
  • Cryptography, Encryption and Key Management
  • Governance, Risk Management and Compliance
  • Human Resources Security
  • Identity & Access Management
  • Security Infrastructure & Virtualization
  • Interoperability & Portability
  • Universal EndPoint Management
  • Security Incident Management, E-Discovery & Cloud Forensics
  • Supply Chain Management, Transparency & Accountability
  • Threat & Vulnerability Management
  • Logging and Monitoring

 

 

WHAT HAPPENS IF A NEW LAW OR INDUSTRY STANDARD EMERGES THAT CCM V. 1.0 DOES NOT ACCOUNT FOR?

When a new framework or rule comes into effect in a particular area, CSA will publish a CCM mapping to help businesses comply. Here is a complete catalog of Cloud Controls Matrix (CCM) mappings.

 

RECENTLY UPDATED CCM MAPPINGS

 

Gap Analysis Report

The Singapore Banking Association's Cloud Computing Implementation Guide 2.0 is mapped to the Cloud Security Alliance's Cloud Controls Matrix v3.0.1 Enterprise Architecture and the CCM Shared Responsibility Model.

 

CSA CCM v3.0.1 Addendum

Cloud OS Security Specifications

Mapping of 'The Guidelines' Security Recommendations to CCM

 

CCM v3.0.1 Addendum - FedRAMP Moderate

CSA CCM v3.0.1 Addendum - NIST 800-53 Rev 4 Moderate

CSA CCM v3.0.1 Addendum - AICPA TSC 2017

 

A cloud architect course will enhance your knowledge and skills.

collect
0
avatar
Ishaan Chaudhary
Related Articles
WHAT IS CLOUDABILITY?
Ishaan Chaudhary 2023-02-08
img
Storment started Cloudability in 2011, and the company is headquartered in Rose City. IT and finance experts make up the bulk of the company's target market for cloud cost management technologies. By allocating and charging back expenses, businesses can see how much money is being spent on cloud services and where that money is going. In addition, Cloudability provides an AWS Reserved Instance Planner to help customers with the purchase of Reserved Instances. However, the Enterprise plan includes more tools and more assistance from Cloudability's team.
collect
0
What is Cartography in Cloud Computing?
Nishit Agarwal 2022-05-16
img
While cloud cartography can assist legitimate customers in making a cloud provider's services more efficient, critics of this form of mapping point out that cloud cartography might expose service providers to certain types of liabilities from outside hackers or attackers. In principle, hackers may utilize cloud mapping methodologies to determine the location of virtual machines and subsequently launch so-called side-channel attacks.  Comprehensive cloud computing courses will enhance your knowledge and skills. Several reputed institutes now offer cloud computing online courses. Several reputed institutes in leading Indian cities offer relevant courses, like the cloud computing courses in Hyderabad.
collect
0
Cloud Computing: Reshaping Enterprise Apps in 2023
Sigma Solve 2023-04-19
img
As businesses increasingly rely on digital solutions to drive their operations, the scalability, flexibility, and cost-efficiency offered by cloud computing services make it the future of enterprise apps in 2023 and beyond. The future of cloud computing is bright, with Amazon Web Services leading the way as a leading cloud computing solution. According to a 2019 survey of technical specialists from different firms, enterprise cloud technology has recently experienced tremendous adoption, with anticipated adoption rates of 91% for public cloud solutions and 72% for private cloud services. Several factors drive organizations to quickly adopt enterprise cloud technology:Cost savingsAdopting an enterprise cloud solution often allows businesses to leverage pay-as-you-go pricing, meaning they only pay for the resources they use. As a consequence, enterprise cloud users frequently notice lower, less unpredictable, and easier IT costs.
collect
0
What is Data Disaster Recovery in Cloud and How to Do it?
Viraj Yadav 2021-12-10
img
Managing a backup data center for traditional disaster recovery may be time-consuming and costly. There are several suppliers of disaster recovery as a service to select from, with three primary models: ● Managed DRaaS: A third party assumes complete responsibility for disaster recovery in a managed DRaaS approach. The service provider provides knowledge for improving disaster recovery procedures under this model, but the client is responsible for implementing portions or all of the disaster recovery plan. If you wish to migrate to VMware Cloud on AWS on your own, you might explore VMware Cloud Disaster Recovery and VMware Site Recovery options and study cloud computing certification online. In the event of a disaster, important workloads can failover to a disaster recovery site to allow business activities to restart.
collect
0
Cloud Computing Software, Services & Solutions
Benedict Tadman 2018-08-29
img

AllianceTek - Get complete Cloud Computing solutions like architecture, Application development, software development services & Cloud Computing SaaS to slash information technology costs and empower employees to work on any device wherever they are, maximizing performance.

collect
0
Elevating Quality Assurance with Cloud Testing Services: A Look at V2Soft
V2Soft 2023-10-24
img
This is where a specialized "Cloud Testing Company" like V2Soft comes into play, offering expertise in various types of cloud computing, cloud hosting consulting, and testing cloud applications. In this blog, we'll explore the significance of cloud testing services and dive deeper into the capabilities of V2Soft. Their holistic approach to testing cloud applications, coupled with their top-notch cloud hosting consulting services, makes them the ideal choice for businesses seeking a seamless transition to the cloud. When it comes to cloud testing services, V2Soft is the partner you can trust to elevate your quality assurance standards. For more information on cloud testing and hosting consulting services, feel free to contact V2Soft today.
collect
0
WHO TO FOLLOW
MORE FROM AUTHOR
What is Data Imputation?
Ishaan Chaudhary 2023-03-09
collect
0
What is Hidden Markov Model?
Ishaan Chaudhary 2023-03-09
img
collect
0
What is LightGBM?
Ishaan Chaudhary 2023-03-09
img
collect
0
A Comprehensive Guide for Transfer Learning
Ishaan Chaudhary 2023-03-09
img
collect
0
guide
Zupyak is the world’s largest content marketing community, with over 400 000 members and 3 million articles. Explore and get your content discovered.
Read more
WHO TO FOLLOW
Press enter to search  enter
articles
Cloud Computing Solutions For Small Business
E2E Networks 2018-10-16
img

E2E Networks is an Indian cloud computing provider helping startups & SME businesses in India to increase performance and reduce their existing cloud spend.

At E2E Networks, we built our own cloud infrastructure and developed our own Technology Stacks, making our cloud services most affordable in the market.Our team consists of professionals with years of experience & domain knowledge in managing & implementing services on a cloud computing platform.Get in touch with our experts for a free consultation @011-3001-8095

collect
0
Know Here Is Cloud Computing Course Difficult To Learn?
Careerera Education 2021-05-07
img

The cloud computing field is growing at a very fast rate.

Every year, millions of companies approach cloud computing service providers to avail their cloud computing services.

This popularity of cloud computing is discussed in the Cloud Computing Course.

To know in detail about "Is Cloud Computing Course Difficult To Learn?"

gO through this blog...Website:- https://www.careerera.com/blog/is-cloud-computing-difficult-to-learnCall us:- +91-925-000-4000 +1-844-889-4054

collect
0
Cloud Computing Service Providers | ConvrtX
Convrtx 2022-04-25
img
ConvrtX is a Cloud Computing Service Provider that has been offering a Service since 2005. It is built with the customer in mind and provides the most reliable cloud computing service to its customers. Many cloud computing service providers have created cloud applications such as Google Stadia, that facilitate the entertainment industry to interact with the target audience. Various entertainment applications, such as online games and video conferencing, are available through cloud computing. 'Zoom' is one such application that provides users with all of the necessary capabilities for flawless video conferencing.
collect
0
5 Signs That the End of Cloud Is Nigh.
Vuesol 2021-11-25
img
Cloud computing is self-service, on-demand availability of computer services over the internet to provide innovation, flexible resources, and economies of scale. Many clients feel concerned when sensitive data and mission - critical applications move to a cloud computing paradigm in which providers cannot guarantee the efficiency of their security and privacy safeguards.
collect
0
12 cloud computing challenges businesses face
jaya 2023-10-07
img
12 Cloud Computing Challenges Businesses FaceIn today's digital age, cloud computing has become an integral part of the business landscape. However, like any technology, cloud computing comes with its set of challenges that businesses must navigate. In this article, we will explore the 12 common cloud computing challenges that businesses often encounter and discuss strategies to overcome them. Cost ManagementWhile cloud computing can reduce infrastructure costs, it can also lead to unexpected expenses if not managed efficiently. ConclusionWhile cloud computing offers numerous advantages, businesses must navigate various challenges to harness its full potential.
collect
0
Cloud Computing Services in South Africa | Solid Systems
sunitasharma 2022-09-16
img
What are Cloud Services? How Do Cloud Services Work? Rather than having your own servers and hard drives dedicated to the storage of vital documentation, service in cloud computing is provided by third-party providers. Solid Systems is a Cloud Services Provider in South Africa, offering a wide range of Cloud services to suit your business. Get in Touch with us to explore the benefits of using cloud solutions with Solid Systems.
collect
0
Unlock the Power of Polycloud and Leverage It To Revolutionize Your Business
Manohar Parakh 2023-03-13
img
By leveraging the strengths of various cloud services, businesses can customize their operations to meet specific needs, adapt quickly to changing demands, and gain a competitive edge in their industry. How Polycloud Can Help You Achieve Maximum Efficiency & Cost Savings? One of the main advantages of polycloud is its ability to help businesses achieve maximum efficiency and cost savings. By combining multiple cloud services, businesses can take advantage of each provider’s unique strengths, while minimizing their weaknesses. By leveraging the right mix of cloud services, businesses can reduce their infrastructure costs, optimize their workflows, and improve their overall efficiency.
collect
0
Cloud Computing Services and Cloud Migration Services.
Dinesh Harikrishnan 2019-01-30
img
CloudNow Technologies is a cloud consulting and cloud services provider which facilitates the cloud migration of enterprises and helps them harness the power of cloud computing.
collect
0
What is a Hypervisor?
Nilesh Parashar 2022-05-13
img
It is sometimes referred to as a "Native Hypervisor" or a "Bare Metal Hypervisor. TYPE-2 Hypervisor: A Host operating system operates on the underlying host system. The hypervisor requests that the operating system perform hardware calls. Type-2 Hypervisor Advantages and Disadvantages:Pros: This type of hypervisor enables rapid and easy access to a guest operating system while the host computer is still running. The following are the requirements for a virtualization hypervisor:AdaptabilityScalability Usability Availability Dependability Efficiency Dependable support2.
collect
0
Cloud computing courses in Chennai
priya rajesh 2018-07-30
img

Cloud computing has become a buzzword on the internet.

It is the process of delivering services hosted on the remote data centers.

You can store and access your data over the internet.

It is possible to edit, access and share data anywhere anytime.

Cloud computing is the delivery of computing services – storage, networking, software, server, analytics, database and much more.

Companies offer computing services called cloud providers.

collect
0
SaaS vs Cloud Services: Explained and Compared
Maxim Churilov 2018-12-10
img

While most modern companies think of utilizing cloud computing for their business, it remains an umbrella term for several cloud services, which covers a lot of online territories. As you start taking advantage of the cloud for your business, it is vital to really figure out the difference between SaaS and other cloud services.

People tend to use the terms SaaS vs Cloud services as interchangeable notions and this is wrong. The first thing you need to remember is that Cloud and SaaS are not equivalent.

collect
0
Skyrocket Your Business with Our Cloud Migration Consulting Services
Steve Johnson 2023-05-02
img
The Importance of Cloud Migration ConsultingThis is where cloud migration consulting comes in. Choosing the Right Cloud Migration Consulting ServicesWhen it comes to choosing a provider for cloud migration consulting services, there are a number of factors to consider. The Process of Cloud Migration ConsultingSo, what does the process of cloud migration consulting actually look like? Creating a Customized Cloud Migration PlanOnce your current infrastructure and goals have been assessed, the next step is to develop a customized cloud migration plan. Don't let your competition get ahead - trust our team to help you skyrocket your business with our cloud migration consulting services.
collect
0
All About Cloud Computing Services and its Types
Business ICTPartners 2020-07-07
img

Cloud computing is a remote service that takes the form of infrastructure, software, storage, platforms, and a host of others.

It refers to the delivery of processing in a type of service and not as a product.

Today, cloud computing meant a new model for IT services delivery consumption.Visit: https://www.slideserve.com/businessictpartner/all-about-cloud-computing-services-and-its-types-powerpoint-ppt-presentation

collect
0
Cloud Computing Services - Livsite
Livsite 2022-03-14
img
The term is by and large used to depict data centres accessible to numerous clients over the Web. Rather than buying, working, and keeping up with physical data centers and servers,you might lease computing power, storage, and databases from a cloud supplier like Livsite depending upon the situation. Who is utilizing cloud computing? Healthcare organisations are also utilising the cloud to produce more customized therapies for patients. The cloud is being used by financial organizations to help ongoing extortion analysis and counteraction.
collect
0
Cloud Computing Solutions For Small Business
E2E Networks 2018-10-16
img

E2E Networks is an Indian cloud computing provider helping startups & SME businesses in India to increase performance and reduce their existing cloud spend.

At E2E Networks, we built our own cloud infrastructure and developed our own Technology Stacks, making our cloud services most affordable in the market.Our team consists of professionals with years of experience & domain knowledge in managing & implementing services on a cloud computing platform.Get in touch with our experts for a free consultation @011-3001-8095

What is a Hypervisor?
Nilesh Parashar 2022-05-13
img
It is sometimes referred to as a "Native Hypervisor" or a "Bare Metal Hypervisor. TYPE-2 Hypervisor: A Host operating system operates on the underlying host system. The hypervisor requests that the operating system perform hardware calls. Type-2 Hypervisor Advantages and Disadvantages:Pros: This type of hypervisor enables rapid and easy access to a guest operating system while the host computer is still running. The following are the requirements for a virtualization hypervisor:AdaptabilityScalability Usability Availability Dependability Efficiency Dependable support2.
Know Here Is Cloud Computing Course Difficult To Learn?
Careerera Education 2021-05-07
img

The cloud computing field is growing at a very fast rate.

Every year, millions of companies approach cloud computing service providers to avail their cloud computing services.

This popularity of cloud computing is discussed in the Cloud Computing Course.

To know in detail about "Is Cloud Computing Course Difficult To Learn?"

gO through this blog...Website:- https://www.careerera.com/blog/is-cloud-computing-difficult-to-learnCall us:- +91-925-000-4000 +1-844-889-4054

Cloud computing courses in Chennai
priya rajesh 2018-07-30
img

Cloud computing has become a buzzword on the internet.

It is the process of delivering services hosted on the remote data centers.

You can store and access your data over the internet.

It is possible to edit, access and share data anywhere anytime.

Cloud computing is the delivery of computing services – storage, networking, software, server, analytics, database and much more.

Companies offer computing services called cloud providers.

Cloud Computing Service Providers | ConvrtX
Convrtx 2022-04-25
img
ConvrtX is a Cloud Computing Service Provider that has been offering a Service since 2005. It is built with the customer in mind and provides the most reliable cloud computing service to its customers. Many cloud computing service providers have created cloud applications such as Google Stadia, that facilitate the entertainment industry to interact with the target audience. Various entertainment applications, such as online games and video conferencing, are available through cloud computing. 'Zoom' is one such application that provides users with all of the necessary capabilities for flawless video conferencing.
SaaS vs Cloud Services: Explained and Compared
Maxim Churilov 2018-12-10
img

While most modern companies think of utilizing cloud computing for their business, it remains an umbrella term for several cloud services, which covers a lot of online territories. As you start taking advantage of the cloud for your business, it is vital to really figure out the difference between SaaS and other cloud services.

People tend to use the terms SaaS vs Cloud services as interchangeable notions and this is wrong. The first thing you need to remember is that Cloud and SaaS are not equivalent.

5 Signs That the End of Cloud Is Nigh.
Vuesol 2021-11-25
img
Cloud computing is self-service, on-demand availability of computer services over the internet to provide innovation, flexible resources, and economies of scale. Many clients feel concerned when sensitive data and mission - critical applications move to a cloud computing paradigm in which providers cannot guarantee the efficiency of their security and privacy safeguards.
12 cloud computing challenges businesses face
jaya 2023-10-07
img
12 Cloud Computing Challenges Businesses FaceIn today's digital age, cloud computing has become an integral part of the business landscape. However, like any technology, cloud computing comes with its set of challenges that businesses must navigate. In this article, we will explore the 12 common cloud computing challenges that businesses often encounter and discuss strategies to overcome them. Cost ManagementWhile cloud computing can reduce infrastructure costs, it can also lead to unexpected expenses if not managed efficiently. ConclusionWhile cloud computing offers numerous advantages, businesses must navigate various challenges to harness its full potential.
Skyrocket Your Business with Our Cloud Migration Consulting Services
Steve Johnson 2023-05-02
img
The Importance of Cloud Migration ConsultingThis is where cloud migration consulting comes in. Choosing the Right Cloud Migration Consulting ServicesWhen it comes to choosing a provider for cloud migration consulting services, there are a number of factors to consider. The Process of Cloud Migration ConsultingSo, what does the process of cloud migration consulting actually look like? Creating a Customized Cloud Migration PlanOnce your current infrastructure and goals have been assessed, the next step is to develop a customized cloud migration plan. Don't let your competition get ahead - trust our team to help you skyrocket your business with our cloud migration consulting services.
Cloud Computing Services in South Africa | Solid Systems
sunitasharma 2022-09-16
img
What are Cloud Services? How Do Cloud Services Work? Rather than having your own servers and hard drives dedicated to the storage of vital documentation, service in cloud computing is provided by third-party providers. Solid Systems is a Cloud Services Provider in South Africa, offering a wide range of Cloud services to suit your business. Get in Touch with us to explore the benefits of using cloud solutions with Solid Systems.
All About Cloud Computing Services and its Types
Business ICTPartners 2020-07-07
img

Cloud computing is a remote service that takes the form of infrastructure, software, storage, platforms, and a host of others.

It refers to the delivery of processing in a type of service and not as a product.

Today, cloud computing meant a new model for IT services delivery consumption.Visit: https://www.slideserve.com/businessictpartner/all-about-cloud-computing-services-and-its-types-powerpoint-ppt-presentation

Unlock the Power of Polycloud and Leverage It To Revolutionize Your Business
Manohar Parakh 2023-03-13
img
By leveraging the strengths of various cloud services, businesses can customize their operations to meet specific needs, adapt quickly to changing demands, and gain a competitive edge in their industry. How Polycloud Can Help You Achieve Maximum Efficiency & Cost Savings? One of the main advantages of polycloud is its ability to help businesses achieve maximum efficiency and cost savings. By combining multiple cloud services, businesses can take advantage of each provider’s unique strengths, while minimizing their weaknesses. By leveraging the right mix of cloud services, businesses can reduce their infrastructure costs, optimize their workflows, and improve their overall efficiency.
Cloud Computing Services - Livsite
Livsite 2022-03-14
img
The term is by and large used to depict data centres accessible to numerous clients over the Web. Rather than buying, working, and keeping up with physical data centers and servers,you might lease computing power, storage, and databases from a cloud supplier like Livsite depending upon the situation. Who is utilizing cloud computing? Healthcare organisations are also utilising the cloud to produce more customized therapies for patients. The cloud is being used by financial organizations to help ongoing extortion analysis and counteraction.
Cloud Computing Services and Cloud Migration Services.
Dinesh Harikrishnan 2019-01-30
img
CloudNow Technologies is a cloud consulting and cloud services provider which facilitates the cloud migration of enterprises and helps them harness the power of cloud computing.