Cloud Security Alliance’s New Cloud Controls Matrix v4 Adds New Log & Monitoring Domain & More Than 60 New Cloud Security C...
21 January 2021 - 9:00PM
Business Wire
Represents significant increase in requirements
resulting from new cloud technologies
The Cloud Security Alliance (CSA), the world’s leading
organization dedicated to defining standards, certifications and
best practices to help ensure a secure cloud computing environment,
today announced the availability of version 4 of the Cloud Controls
Matrix (CCM), CSA’s flagship cybersecurity framework for cloud
computing. The CCM v4 includes additional cloud security and
privacy-related controls and encompasses coverage of requirements
deriving from new cloud technologies, improved control
auditability, enhanced interoperability and compatibility with
other standards, and expanded support offerings to navigate the
cloud shared responsibility model.
CCM is a cybersecurity control framework for cloud computing
that aligns to the CSA Best Practices and is considered the
de facto standard for cloud security and privacy. CCM v4
constitutes a significant upgrade to the previous version (v3.0.1)
by introducing changes in the framework structure with a new domain
dedicated to Logging and Monitoring (LOG), and modifications in the
existing ones including governance, risk and compliance (GRC);
auditing and assurance (A&A); unified endpoint management
(UEM); and cryptography, encryption, and key management (CEK).
“CSA’s Cloud Controls Matrix continues to lead the security
industry and market as the cloud provider and user-centric control
framework of choice. With an increasingly complex array of cloud
technologies, controls, and frameworks, it’s vital that cloud
customers have clear, definitive insight into the risks, roles, and
responsibilities to which they and their chosen cloud service
provider must adhere,” said Jim Reavis, co-founder and CEO, Cloud
Security Alliance.
The CCMv4 was developed by an expert group of more than 70
practitioners and industry leaders representing key cloud
stakeholders, among them cloud service providers, cloud customers,
auditors, and consulting firms. It features 17 domains, up one from
the previous iteration, and a total of 197 controls (up from 133).
In early February, the 64 new controls will be accompanied by
mappings with ISO/IEC 27001-2013, ISO/IEC 27017-2015, ISO/IEC
27018-2019, AICPA TSC v2017, and CCM V3.0.1.
“The world is changing at rapid-fire pace, and cloud security
providers are having to not only keep pace but stay one step ahead.
CCMv4 provides enterprises with an additional layer of transparency
and confidence that their CSPs are following recommended security
best practices,” said Daniele Catteddu, Chief Technology Officer,
Cloud Security Alliance.
In addition to the set of core controls, CCMv4 will roll out
additional components over the coming year:
- CCM Implementation Guidelines: Guidance to support the
implementation of CCM controls. (Tentative release date: early Q2
2021)
- Consensus Assessments Initiative Questionnaire (CAIQ):
Questionnaire related to CCM controls. (Tentative release date:
early Q2 2021)
- Control Applicability Matrix: Support to define the
attribution of responsibilities between cloud service providers and
customers. (Tentative release date: early Q2 2021)
- Organizational Relevance: Support to define the
organizational relevance of each control based on work done by the
CSA Enterprise Architecture working group. (Tentative release date:
early Q2 2021)
- CCM Auditing Guidelines: Guidance to support the
auditing and assessment of CCM controls. (Tentative release date:
early Q3 2021)
- CCM Lite: A lightweight version of CCM, including a
subset of the CCM Controls which represent the CCM foundational
controls, i.e., those that organizations should implement
regardless. (Tentative release date: early Q4 2021)
- Translation of CCM into other languages
Beyond the above initiatives, CSA will be working over the
course of 2021 to create additional mapping to relevant standards,
best practices, laws and regulations (e.g., NIST 800-53 Rev 5,
ENISA Security Controls for Cloud Services, CIS Controls,
PCI-DSS).
The CCMv4 is a free resource and is available for download
now.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading
organization dedicated to defining and raising awareness of best
practices to help ensure a secure cloud computing environment. CSA
harnesses the subject matter expertise of industry practitioners,
associations, governments, and its corporate and individual members
to offer cloud security-specific research, education, training,
certification, events, and products. CSA's activities, knowledge,
and extensive network benefit the entire community impacted by
cloud — from providers and customers to governments, entrepreneurs,
and the assurance industry — and provide a forum through which
different parties can work together to create and maintain a
trusted cloud ecosystem. For further information, visit us at
www.cloudsecurityalliance.org, and follow us on Twitter
@cloudsa.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20210121005896/en/
Media Contacts Kari Walker for the CSA
kari@zagcommunications.com