The Cloud Security Alliance (CSA) today announced the release of the CSA Cloud Controls Matrix (CCM) Version 3.0, a broad update to CSA's standard for assessing cloud-centric information security risks.
The CCM Version 3.0 expands the control domains to address recent changes in cloud security risks.
The CCM draws from security standards, regulations, and control frameworks such as ISO 27001/2, the European Union Agency for Network and Information Security (ENISA) Information Assurance Framework, ISACA's Control Objectives for Information and Related Technology, the American Institute of CPAs Trust Service and Principals Payment Card Industry Data Security Standard, and the Federal Risk and Authorization Management Program.
This major restructuring of the CCM is said to capture the needs of cloud security governance in the near future, where it will serve as an annual check in updating future controls, further ensuring CCM remains in line with future technology and policy changes.
“As cloud usage continues to evolve, so must our security controls,” said Evelyn De Souza, co-chair of the CCM Working Group and also data center and cloud security strategist with Cisco Systems.
“We must now address the expanding methods of how cloud data is accessed to ensure due care is taken in the cloud service provider's supply chain, and service disruption is minimized in the face of a change to a cloud service provider's relationship. With the additional new key control domains and improved clarity, the CCM will become an increasingly important tool for providers and consumers to rely on to ensure greater transparency, trust, and security in the cloud.”