The Cloud Security Alliance (CSA) is the world’s leading organization helping to ensure a secure cloud computing environment. The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and customers.


The CSA CCM is highly recommended for any organization offering cloud services. It also applies to organizations using the cloud for internal hosting of corporate data or services.


The CSA CCM gives detailed understanding of security concepts and principles in 16 domains. 

  1. Application & Interface Security (AIS)

  2. Audit Assurance & Compliance (AAC)

  3. Business Continuity Management & Operational Resilience (BCR)

  4. Change Control & Configuration Management (CCC)

  5. Data Security & Information Lifecycle Management (DSI)

  6. Datacenter Security (DCS)

  7. Encryption & Key Management (EKM)

  8. Governance & Risk Management (GRM)

  9. Human Resources (HRS)

  10. Identity & Access Management (IAM)

  11. Infrastructure & Virtualization Security (IVS)

  12. Interoperability & Portability (IPY)

  13. Mobile Security (MOS)

  14. Security Incident Management, E-Discovery, & Cloud Forensics (SEF)

  15. Supply Chain Management, Transparency, and Accountability (STA)

  16. Threat & Vulnerability Management

Compliance requires a systematic review of services and processes regarding cloud infrastructure. Meanwhile, the Consensus Assessments Initiative Questionnaire (CAIQ) is a companion to the CCM providing a set of “yes or no” questions a consumer or auditor may ask a cloud provider.


Usefully, the CCM is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance and Risk (STAR) registry, ensuring integration with popular third-party assessments to avoid duplication of effort and cost.

Centraleyes delivers streamlined, automated data collection and analysis, prioritized remediation guidance and real-time customized scoring to meet the CSA CMM. Centraleyes has mapped the CSA CMM back to its control inventory allowing to share data across multiple frameworks through the platform, which creates time savings, money savings and more accurate data. Through the Centraleyes platform organizations can gain full visibility to their cyber risk levels and compliance.