CybersecurityFrameworkStandard

CCM v4.1

Cloud Controls Matrix v4.1

The Cloud Controls Matrix (CCM) v4.1 is a cybersecurity control framework that consists of 207 controls across 17 security domains, specifically tailored for cloud security and privacy. The Consensus Assessment Initiative Questionnaire (CAIQ) accompanies the CCM, offering a set of assessment questions to evaluate security controls.

Overview

The Cloud Controls Matrix (CCM) v4.1 is designed to provide a systematic approach to ensuring security in cloud environments and aligning with industry best practices. It includes detailed mappings to other standards, auditing guidelines, and metrics for continuous monitoring. The accompanying CAIQ v4.1 offers a security questionnaire to assess controls and supports submission to the STAR Registry for certification or attestation. Resources include implementation guidelines, change analysis between versions, and machine-readable formats for automation. This latest version emphasizes enhancing cloud security measures, privacy, shared responsibility models, and metrics for ongoing security assessment.

Related in Cybersecurity

CybersecurityStandard

SOC-CMM β€” SOC-CMM Assessment Tool

The SOC-CMM model is a capability maturity model that can be used to perform a self-assessment of your Security Operations Center (SOC). The model is based on review conducted on literature regarding SOC setup and existing SOC models as well as literature on specific elements within a SOC. The literature analysis was then validated by questioning several Security Operations Centers in different sectors and on different maturity levels to determine which elements were actually in place. The output from the survey, combined with the initial analysis is the basis for this self-assessment. For more information regarding the scientific background and the literature used to create the SOC-CMM self-assessment tool, please refer to the thesis document as available through: https://www.soc-cmm.com/

SOC-CMM

View details
CybersecurityRegulation

EU Digital Services Act β€” Regulation (EU) 2022/2065 - EU Digital Services Act

The Digital Services Act (DSA) (Regulation (EU) 2022/2065) establishes a comprehensive framework for regulating online intermediary services, platforms, and marketplaces across the European Union to create a safer and more transparent digital environment. The regulation introduces obligations for online platforms to address illegal content, improve transparency in content moderation and advertising, protect users' rights, and manage systemic risks such as disinformation and harmful content. It also imposes enhanced requirements on very large online platforms and search engines, while preserving fundamental rights, consumer protection, and innovation. Overall, the DSA aims to harmonize rules across the EU and increase accountability for digital service providers operating within the Single Market.

European Union β€’ EU

View details
CybersecurityRegulation

EU Data Act β€” Regulation (EU) 2023/2854 - EU Data Act

The EU Data Act (Regulation (EU) 2023/2854) establishes harmonized rules to make data generated by connected products and related digital services more accessible and usable across the European Union. It gives users of connected devices, such as IoT products, the right to access and share the data they generate with third parties, while requiring data holders to provide that data under fair, reasonable, and non-discriminatory conditions. The regulation aims to reduce barriers to data sharing, promote innovation and competition, enable easier switching between cloud and data-processing services, and support public-sector access to data in situations of exceptional need, while preserving data protection, privacy, intellectual property rights, and trade secret safeguards. Overall, the Data Act is designed to create a fairer and more competitive European data economy by empowering users and improving access to valuable data resources.

European Union β€’ EU

View details
CybersecurityStandard

ASD Essential 8 Maturity Model - 2023 β€” Australian Signals Directorate (ASD) Essential Eight Maturity Model 2023

The ASD Essential 8 Maturity Model is a framework developed by the Australian Signals Directorate (ASD) to guide organizations in implementing prioritized cyber security mitigation strategies. It provides structured maturity levels to help organizations progressively strengthen their defenses against common cyber threats. The model ensures consistency, accountability, and resilience by aligning practices across all eight strategies.

Australian Signals Directorate (ASD) β€’ Australia β€’ vNovember 2023

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks β€” automatically.

Book your strategy call