ETFOptimize | High-performance ETF-based Investment Strategies

Quantitative strategies, Wall Street-caliber research, and insightful market analysis since 1998.
ETFOptimize | HOME
Close Window
Recent Quotes
My Watchlist
Indicators
Markets
Stocks
ETFs
Tools
Markets:
Overview
News
Currencies
International
Treasuries

Cloud Security Alliance Releases New Cloud Controls Matrix Auditing Guidelines

By: via Business Wire
ⓘ This article is third-party content and does not represent the views of this site. We make no guarantees regarding its accuracy or completeness.

Document provides auditors a baseline understanding of the CCM audit areas, allowing them to better perform a CCM-related audit and assessment

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released the Cloud Controls Matrix (CCM) Auditing Guidelines. Drafted by the CCM Working Group, this new addition to the Cloud Controls Matrix v4 contains a set of auditing guidelines tailored to the control specifications of each of the CCM’s 17 cloud security domains. This document provides auditors with a baseline understanding of the CCM audit areas, allowing them to better perform a CCM-related audit and assessment.

The guidelines are an extension of Chapter 7: CCM Auditing Guidelines found in the Certificate of Cloud Auditing Knowledge guide (specifically of subsection 7.5: CCM Audit Workbook) and were drafted to provide direction to:

  • auditors who plan to perform audits against the CCM on cloud service providers (CSPs)
  • cloud service customers (CSCs) using the CCM framework to evaluate their cloud service portfolio, and
  • CSPs or CSCs who intend to use the CCM framework to guide the design, development, and implementation of their cloud security controls.

“We are very excited about the work done with CCM v4. The auditing guidelines represent an additional aid for the organizations adopting CCM and will facilitate and streamline the execution of assessment based on CCM control. This document will clearly make it easier for companies to join the STAR Program,” said Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance.

“The guidelines have been drafted in such a way as to allow auditors to tailor various aspects to address their specific objectives and will support a cloud security audit or assessment, regardless of company's size, business, cloud deployment complexity, or maturity level. It’s hoped these guidelines will make it even easier for CSPs and CSCs, who are seeking secure implementation, assessment, and management of cloud services security risks, to determine where the responsibility for various aspects of security lie,” said Sanjeev Gupta, a lead author of the paper.

The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing, composed of 197 control objectives structured in 17 domains, covering all key aspects of the cloud technology. It can be used as a tool for the systematic assessment of a cloud implementation, and provides guidance on which security controls should be implemented by which actor within the cloud supply chain. The controls framework is aligned to the CSA Security Guidance for Cloud Computing and is considered a de-facto standard for cloud security assurance and compliance.

Along with releasing updated versions of the CCM and CAIQ, the Cloud Controls Matrix Working Group provides control mappings, gap analysis, and addendums between the CCM and other industry standards and regulations to keep it continually up to date. Those interested in participating in the working group or its research are invited to join.

Download the CCM Auditing Guidelines now.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

Contacts

Report this content

If you believe this article contains misleading, harmful, or spam content, please let us know.

Report this article

Recent Quotes

View More
Symbol Price Change (%)
AMZN  252.25
+3.97 (1.60%)
AAPL  267.91
-5.14 (-1.88%)
AMD  280.46
+5.51 (2.00%)
BAC  53.93
-0.02 (-0.04%)
GOOG  335.15
-0.25 (-0.07%)
META  672.23
+1.32 (0.20%)
MSFT  424.75
+6.68 (1.60%)
NVDA  201.00
-1.06 (-0.52%)
ORCL  182.30
+4.72 (2.66%)
TSLA  390.45
-2.05 (-0.52%)
Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the Privacy Policy and Terms Of Service.
© 2025 FinancialContent. All rights reserved.


 
IntelligentValue Home
Close Window

DISCLAIMER

All content herein is issued solely for informational purposes and is not to be construed as an offer to sell or the solicitation of an offer to buy, nor should it be interpreted as a recommendation to buy, hold or sell (short or otherwise) any security.  All opinions, analyses, and information included herein are based on sources believed to be reliable, but no representation or warranty of any kind, expressed or implied, is made including but not limited to any representation or warranty concerning accuracy, completeness, correctness, timeliness or appropriateness. We undertake no obligation to update such opinions, analysis or information. You should independently verify all information contained on this website. Some information is based on analysis of past performance or hypothetical performance results, which have inherent limitations. We make no representation that any particular equity or strategy will or is likely to achieve profits or losses similar to those shown. Shareholders, employees, writers, contractors, and affiliates associated with ETFOptimize.com may have ownership positions in the securities that are mentioned. If you are not sure if ETFs, algorithmic investing, or a particular investment is right for you, you are urged to consult with a Registered Investment Advisor (RIA). Neither this website nor anyone associated with producing its content are Registered Investment Advisors, and no attempt is made herein to substitute for personalized, professional investment advice. Neither ETFOptimize.com, Global Alpha Investments, Inc., nor its employees, service providers, associates, or affiliates are responsible for any investment losses you may incur as a result of using the information provided herein. Remember that past investment returns may not be indicative of future returns.

Copyright © 1998-2017 ETFOptimize.com, a publication of Optimized Investments, Inc. All rights reserved.