Cybersecurity News that Matters

Cybersecurity News that Matters

Cloud Security Alliance Announces Implementation Guidelines v2.0 for Cloud Controls Matrix (CCM) in Alignment with Shared Security Responsibility Model

by Business Wire

Jun. 05, 2024
1:07 AM GMT+9

Update strengthens CCM’s position as the cloud security industry’s preferred control framework

SEATTLE–(BUSINESS WIRE)–#CCM–The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, has issued Cloud Controls Matrix (CCM) Implementation Guidelines v2.0: Securing the Cloud with the Shared Security Responsibility Model, an update to its flagship cybersecurity framework for cloud computing, CCM v4.0.12. Drafted by the CCM Working Group, the CCM Implementation Guidelines v2.0 provide security best practices for cloud organizations looking to implement CCM v4.0 control specifications in alignment with the Shared Security Responsibility Model (SSRM).


“It’s important that both cloud service providers (CSPs) and their customers understand their respective roles in implementing the CCM controls. Fostering a collaborative environment that enhances the overall security posture of the cloud ecosystem benefits everyone,” said Lefteris Skoutaris, Program Manager, Cloud Security Alliance, EMEA.

The CCM Implementation Guidelines v2.0 address the critical need to establish clearly demarcated lines of security responsibility between CSPs and cloud service customers (CSCs), bringing greater clarity and accountability to the implementation process. The guidelines are rooted in the collected experiences of CCM Working Group members, based on shared CSP and CSC experiences in implementing and securing cloud services and using CCM controls.

The insight covers myriad topics and queries, including how organizations can:

  • Implement controls for the first time or improve an existing implementation
  • Guide the implementation of controls across multiple frameworks via CCM mappings
  • Delineate and understand the security responsibilities of CSPs and CSCs in cloud implementations
  • Conduct implementation assessments of their CSPs and how to answer a CAIQ question
  • Identify the most-effective best practices to include as provisions within their organizational security policy
  • Translate cloud security best practices into contractual provisions with their CSPs
  • Leverage and implement CCM controls within a specific cloud platform or architecture

The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing, composed of 197 control objectives structured in 17 domains, covering all key aspects of the cloud technology. It can be used as a tool for the systematic assessment of a cloud implementation, and provides guidance on which security controls should be implemented by which actor within the cloud supply chain. The controls framework is aligned to the CSA Security Guidance for Cloud Computing and is considered a de-facto standard for cloud security assurance and compliance.

Along with releasing updated versions of the CCM and CAIQ, the Cloud Controls Matrix Working Group provides control mappings, gap analysis, and addendums between the CCM and other industry standards and regulations to keep it continually up-to-date. Those interested in participating in the working group or its research are invited to join.

Download the CCM Implementation Guidelines v2.0: Securing the Cloud with the SSRM, or learn more about the Shared Responsibility Model here.

Those looking to learn more about the CCM Implementation Guidelines v2.0 are encouraged to register for CSA’s free, virtual Cloud Trust Summit on June 6, which will feature the session CCM Implementation Guidelines version 2.0: Securing the Cloud with the Shared Security Responsibility. Register now.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA’s activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

Contacts

Kristina Rundquist

ZAG Communications for the CSA

[email protected]

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Business Wire
    : Author

    Business Wire, a Berkshire Hathaway company, is the global leader in press release distribution and regulatory disclosure. Public relations, investor relations, public policy and marketing profession...

    View all posts
Author:
Stay Ahead with The Readable's Cybersecurity Insights