The Cloud Controls Matrix (CCM) v4.1 is a cybersecurity control framework that consists of 207 controls across 17 security domains, specifically tailored for cloud security and privacy. The Consensus Assessment Initiative Questionnaire (CAIQ) accompanies the CCM, offering a set of assessment questions to evaluate security controls.
The Cloud Controls Matrix (CCM) v4.1 is designed to provide a systematic approach to ensuring security in cloud environments and aligning with industry best practices. It includes detailed mappings to other standards, auditing guidelines, and metrics for continuous monitoring. The accompanying CAIQ v4.1 offers a security questionnaire to assess controls and supports submission to the STAR Registry for certification or attestation. Resources include implementation guidelines, change analysis between versions, and machine-readable formats for automation. This latest version emphasizes enhancing cloud security measures, privacy, shared responsibility models, and metrics for ongoing security assessment.