Request for Feedback – CSA Cloud Controls Matrix (CCM)

Cloud Security Alliance is inviting the community to give feedback in the new version of the CCM. This version has updates in the following areas:

  • AICPA 2014 Trust Services Criteria
  • Canada Personal Information Protection Electronic Documents Act
  • COBIT 5.0
  • Children’s Online Privacy Protection Act
  • CSA Enterprise Architecture
  • European Network Information and Security Agency Information Assurance Framework
  • European Union Data Protection Directive 95/36/EC
  • Family Education and Rights Privacy Act
  • HIPAA/HITECH act and the Omnibus Rule
  • ISO/IEC 27001:2013
  • International Traffic in Arms Regulation
  • Mexico – Federal Law on Protection of Personal Data Held by Private Parties
  • NIST SP800-53 Rev 3 Appendix J
  • New Zealand Information Security Manual
  • Open Data Center Alliance Usage Model PAAS Interoperability Rev. 2.0
  • PCI DSS v3

Microsoft uses the CCM in many areas of its cloud services. For example, Microsoft Azure, leverages the trust principles from the CSA CCM and it is always good to remember that Microsoft Cloud Security Readiness Tool is based on the Cloud Security Alliance’s Cloud Control Matrix.


If you are interested in participate in this review, follow the steps from