Cloud Controls Matrix
The Cloud Controls Matrix (CCM) is a baseline set of security controls created by theCloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider.
The Cloud Controls Matrix is aligned with CSA’s guidance in 16 security domains, including application security, identity and access management, mobile security, encryption and key management and data center operations.CCM, which is part of the CSA Governance, Risk and Compliance (GRC) Stack, is mapped to multiple industry standards, regulations and frameworks that enterprises must follow, includingISO 27001/27002,PCI DSS,HIPAA andCOBIT.
CCM v3.0.1 is available as a free download to help companies evaluatecloud providers and guide security efforts. The matrix can also be used by cloud providers who wish to submit themselves to the CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided bycloud computing service providers.
The Cloud Controls Matrix is designed to align well with theConsensus Assessments Initiative Questionnaire (CAIQ),a yes/no question set for identifying specific topics that a customer may want to discuss with potential cloud service providers.
See also: cloud computing maturity model
Continue Reading About Cloud Controls Matrix
Related Terms
- What is HRIS (human resources information system)?
- A human resources information system (HRIS) is software that aids organizations in maintaining detailed employee information and ... See complete definition
- What is regulatory compliance?
- Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business... See complete definition
- What is SOX compliance? A complete guide and checklist
- SOX compliance entails adhering to the Sarbanes-Oxley Act of 2002, a U.S. law introduced to enhance investor protection by ... See complete definition
Dig Deeper on Compliance
- 5G fixed wireless access use cases continue to grow
FWA delivers wireless broadband internet to remote regions, temporary setups and other locations not suitable for wired ...
- How to optimize DNS for reliable business operations
The internet would be different today without DNS anchoring digital communications. Companies can take some basic steps to ensure...
- Cisco G300 AI network chip, AgenticOps parry Broadcom, HPE
Cisco's entrée into 102.4 Tbps silicon boasts in-place programmability and new AgenticOps features as enterprise AI ...
- The AI hype bubble might parallel the dot-com era bust
The current AI hype era resembles the dot-com bubble era in some ways, but there are significant differences as well.
- How a CIO guides agentic AI with structured governance
Rimini Street's CIO explains how he deployed agentic AI for research and service -- and how an AI steering committee governs ...
- 5 pillars of an agentic AI strategy
Agentic AI is forcing CIOs to rethink IT strategy. Success depends on identifying key use cases, assessing data readiness, ...
- Should enterprises upgrade to Windows 11 now?
With Windows 10 end of support now past, enterprises must evaluate whether to upgrade to Windows 11 based on hardware readiness, ...
- The new geography of enterprise risk
Risk is no longer centered only in core systems. Identity, hiring, endpoints and partner platforms are where exposure ...
- When is Windows 10 end of life? How to extend support
The Windows 10 end-of-support deadline forces IT teams to choose between Windows 11 migration, ESU enrollment and broader desktop...
- GenAI drives $119B cloud revenue in Q4
Q4 cloud infrastructure service revenues reach $119.1 billion, bringing the 2025 total to $419 billion. See how much market share...
- Cloud infrastructure suffers AI growing pains
Will $5 trillion in AI infrastructure investment be enough? Cloud providers facing that question must also yield a return, ...
- 8 reasons why IT leaders are embracing cloud repatriation
As IT leaders aggressively re-allocate capital to fund new AI initiatives, repatriation offers both savings and greater control, ...
- What it takes to secure agentic commerce
With AI agents increasingly acting as digital concierges for shoppers, verifying bot identities, securing the APIs they rely on, ...
- ICO wins appeal over data protection obligations in Currys cyber attack
The ICO has won an important appeal relating to data protection obligations arising from a 2017-18 cyber attack at electronics ...
- PromptSpy Android malware may exploit Gemini AI
A newly-uncovered malware targeting the Android operating system seems to exploit Google’s Gemini GenAI tool to help it maintain ...