CIO Influence
CIO Influence News Cloud Security

Cloud Security Alliance Releases New Guidelines Providing Insight Into Effectively Using Its Industry-Leading Security Assessment, Assurance Tools

Cloud Security Alliance Releases New Guidelines Providing Insight Into Effectively Using Its Industry-Leading Security Assessment, Assurance Tools
Documents provide best practices in using and implementing the Cloud Controls Matrix and Security, Trust, Assurance and Risk (STAR) program

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, announced the publication of a new document, Implementation Guidelines for the Cloud Controls Matrix (CCM) v4. The implementation guidelines are a new addition to the CCM v4, CSA’s flagship cybersecurity framework for cloud computing, and were developed to support users in the proper application of CCM controls, while providing additional guidance and recommendations tailored to the control specifications for each of CCM v4’s 17 cloud security domains.

Recommended ITech News: Ahana Joins AWS ISV Accelerate Program to Expand Access to Its Presto Managed Service for Fast SQL on Amazon S3 Data Lakes

“When implemented properly, the CCM framework, the foundation of the STAR program, helps reduce cybersecurity risk by delivering best-in-class security. It’s critical therefore that those seeking STAR Level 3 certification understand and properly apply the CCM control set to their organization”

“Given the enterprise-specific nature of cloud infrastructure and architecture, CSA cannot provide detailed, prescriptive guidance pertinent to every organization and cloud service implementation or technology. That being said, the guidelines represent an ideal compendium to the CCM controls as they provide a greater level of detail regarding cloud security and privacy best practices. We are confident that the Implementation Guidelines represent a very useful tool for supporting cloud service providers and cloud customers in their adoption of the CCM requirements,” said Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance.

The guidelines are available as both a spreadsheet and PDF: The former allows organizations to leverage the guidelines in conjunction with the full roster of CCM v4 components, while the PDF provides structured guidance on working through the CCM framework. It should be noted that the document is not meant to be a “how-to” manual for the CCM controls implementation. Given the nature of CCM controls, their operationalization will depend on numerous factors, largely the IT/service architecture, the type of technology used, risks faced, applicable regulations, and organizational policies, among others.

Recommended ITech News: MSP360 Appoints New Vice President of Operations

The CCM Implementation Guidelines are a collaborative product of the volunteer CCM Working Group and are based on shared cloud service provider and cloud service customer experiences in implementing and securing cloud services and using CCM controls. The working group’s insight covers myriad topics and queries, including how organizations can best:

  • implement controls for the first time
  • improve an existing implementation
  • answer a Consensus Assessment Initiative Questionnaire (CAIQ) question
  • better understand a customer’s security responsibilities
  • leverage CCM controls within a specific platform or architecture

CSA also released The Evolution of STAR: Introducing Continuous Auditing, which provides an overview of STAR Level 3, the most rigorous assurance tier in CSA’s Security, Trust, Assurance and Risk (STAR) program. STAR Level 3 allows certified service providers to demonstrate that critical security controls are being continuously monitored and validated, thereby providing customers with the ultimate level of transparency and assurance. It’s important, therefore, that enterprises understand the critical role this plays in third-party risk management. The white paper reviews implementation concepts and process design, demonstrating how continuous security control auditing and certification delivers best-in-class security transparency.

“When implemented properly, the CCM framework, the foundation of the STAR program, helps reduce cybersecurity risk by delivering best-in-class security. It’s critical therefore that those seeking STAR Level 3 certification understand and properly apply the CCM control set to their organization,” said John DiMaria, CSA Research Fellow, Assurance Investigatory Fellow, Cloud Security Alliance.

Recommended ITech News: Comscore Receives Prestigious ISO Certifications for Information Security and Privacy Information Management Systems

Related posts

WISeKey and SEALSQ Partner With DP World for Smart Container Integration

GlobeNewswire

Introducing Tenable One: Industry-First Exposure Management Platform

Gamma Technologies Acquires Power Design Technologies, Extends Leadership of Full Vehicle System-level

Leave a Comment