Organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, the Cloud Security Alliance, introduced the new version of its flagship cybersecurity framework for cloud computing. The latest version offers additional cloud security and privacy-related controls and encompasses coverage of requirements.
Logging and monitoring

The latest version, CCM v4 introduces changes in the framework structure with a new domain dedicated to Logging and Monitoring, and modifications in the existing ones including governance, risk and compliance; auditing and assurance; unified endpoint management; and cryptography, encryption and key management. Jim Reavis, Co-Founder and CEO, Cloud Security Alliance, said,
“CSA’s Cloud Controls Matrix continues to lead the security industry and market as the cloud provider and user-centric control framework of choice. With an increasingly complex array of cloud technologies, controls, and frameworks, it’s vital that cloud customers have clear, definitive insight into the risks, roles, and responsibilities to which they and their chosen cloud service provider must adhere.”
CCMv4 will also roll out additional components in 2021:
- CCM Implementation Guidelines: Guidance to support the implementation of CCM controls.
- Consensus Assessments Initiative Questionnaire: Questionnaire related to CCM controls.
- Control Applicability Matrix: Support to define the attribution of responsibilities between cloud service providers and customers.
- Organizational Relevance: A support to define the organizational relevance of each control based on work done by the CSA Enterprise Architecture working group.
- CCM Auditing Guidelines: Guidance to support the auditing and assessment of CCM controls.
- CCM Lite: A lightweight version of CCM, including a subset of the CCM Controls which represent the CCM foundational controls, i.e., those that organizations should implement regardless.
- Translation of CCM in other languages