Experienced a Breach?
NEED IMMEDIATE ASSISTANCE?
Our emergency incident respose team is available 24/7.

Call Us: 844-HACK-911

CSA releases new compliance mapping with Cloud Controls Matrix v3

Cloud Controls Matrix v3

The Cloud Security Alliance (CSA) has released v3 of their security controls mapping. The Cloud Controls Matrix (CCM) Version 3.0 has been long awaited, and includes a number of important changes in cloud security risks.

What’s New

Version 3.0 of the Cloud Controls Matrix includes:

  • Five new cloud control domains: Mobile Security; Supply Chain Management, Transparency & Accountability; Interoperability & Portability; and Encryption & Key Management
  • Improved harmonization with the Security Guidance for Critical Areas of Cloud Computing v3
  • Improved control auditability throughout the control domains and an expanded control identification naming convention

 

Where the CCM Falls Short

While this is an important step forward in security control mapping, I feel that the mappings are too broad to be useful in enterprise compliance and governance programs. The CCM v3 condenses major cloud frameworks like PCI DSS, ISO 27001, FedRAMP, HIPAA, and COBIT. This mapping can serve as a useful stepping stone for research into new security frameworks and how certain control areas might be applied.

The main issue with this framework is that no company can ever pick it up to as a way to see what needs to be done to satisfy particular control requirements. For the CCM to be useful, it would need to go into much more detail about the controls and what and what need to be done to meet those controls.

Download

The Cloud Controls Matrix is available as a free download.

 

 

You Might Also Like

Contact Please fill out the form below and we will contact you ASAP. For emergencies, please call 1-844-HACK-911
  • Reason for Contact