CSA, the Cloud Security Association, has worked with industry partners to set up a matrix defining Cloud security controls mapped to industry standards.
“The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.”
The CCM lists security controls mapped to the following industry-standards:
- COBIT 4.1
- HIPAA/HITECH act
- ISO/IEC 27001-2005
- PCI DSS v2.0
Now up to version 1.3, the CCM (Cloud Controls Matrix), was used to help us create our compliance mapping database. The version of the matrix provided by the CSA, while useful for reference, is very difficult to use when trying to track compliance related tasks. V2 of the CCM is currently in development. In the meantime, my custom cloud controls database should be ready in the next week or two.