The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to the CSA best practices, that is considered the de-facto standard for cloud security and privacy. The accompanying questionnaire, CAIQ, provides a set of “yes or no” questions based on the security controls in the CCM.
You can now download the CCM and CAIQ together.
These 2 files consist of all required documentation.
- CCM v4
- CAIQ v4
- STAR Level 1: Security Questionnaire (CAIQ v4)
- Implementation Guidelines
- Auditing Guidelines
Mappings enable you to connect the dots if you are already Compliant with other major Compliance standards.
- ISO/IEC 27001/27002/27017/27018
- CCM V3.0.1
- AICPA TSC
- CIS Controls V8
- NIST 800-53r5
- PCI DSSv3.2.1