Virtualization Technology News and Information
Cloud Security Alliance Announces Implementation Guidelines v2.0 for Cloud Controls Matrix (CCM) in Alignment with Shared Security Responsibility Model

The Cloud Security Alliance (CSA) has issued Cloud Controls Matrix (CCM) Implementation Guidelines v2.0: Securing the Cloud with the Shared Security Responsibility Model, an update to its flagship cybersecurity framework for cloud computing, CCM v4.0.12. Drafted by the CCM Working Group, the CCM Implementation Guidelines v2.0 provide security best practices for cloud organizations looking to implement CCM v4.0 control specifications in alignment with the Shared Security Responsibility Model (SSRM).

"It's important that both cloud service providers (CSPs) and their customers understand their respective roles in implementing the CCM controls. Fostering a collaborative environment that enhances the overall security posture of the cloud ecosystem benefits everyone," said Lefteris Skoutaris, Program Manager, Cloud Security Alliance, EMEA.

The CCM Implementation Guidelines v2.0 address the critical need to establish clearly demarcated lines of security responsibility between CSPs and cloud service customers (CSCs), bringing greater clarity and accountability to the implementation process. The guidelines are rooted in the collected experiences of CCM Working Group members, based on shared CSP and CSC experiences in implementing and securing cloud services and using CCM controls.

The insight covers myriad topics and queries, including how organizations can:

  • Implement controls for the first time or improve an existing implementation
  • Guide the implementation of controls across multiple frameworks via CCM mappings
  • Delineate and understand the security responsibilities of CSPs and CSCs in cloud implementations
  • Conduct implementation assessments of their CSPs and how to answer a CAIQ question
  • Identify the most-effective best practices to include as provisions within their organizational security policy
  • Translate cloud security best practices into contractual provisions with their CSPs
  • Leverage and implement CCM controls within a specific cloud platform or architecture

The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing, composed of 197 control objectives structured in 17 domains, covering all key aspects of the cloud technology. It can be used as a tool for the systematic assessment of a cloud implementation, and provides guidance on which security controls should be implemented by which actor within the cloud supply chain. The controls framework is aligned to the CSA Security Guidance for Cloud Computing and is considered a de-facto standard for cloud security assurance and compliance.

Along with releasing updated versions of the CCM and CAIQ, the Cloud Controls Matrix Working Group provides control mappings, gap analysis, and addendums between the CCM and other industry standards and regulations to keep it continually up-to-date. Those interested in participating in the working group or its research are invited to join.

Download the CCM Implementation Guidelines v2.0: Securing the Cloud with the SSRM.

Published Tuesday, June 04, 2024 1:54 PM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<June 2024>