The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) controls framework offers a detailed understanding of security concepts and principles that follow Cloud Security Alliance guidance in 13 domains. The foundation of the CSA CCM aligns with other industry-accepted security standards, regulations, and controls frameworks, such as ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum, and NERC CIP. It is an optional standard that some organizations implement to benefit from the best practices it contains, and to reassure customers that its recommendations have been followed.
When using Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other cloud service provider, security and compliance are a shared responsibility between the cloud provider and the customer. You as the customer are responsible for configuring and using cloud services in a way that complies with the applicable directives contained within CSA CCM.
InsightCloudSec enables you to automate security and compliance with CSA CCM. It provides dozens of out-of-the-box policies, as part of our CSA CCM compliance pack, that map back to specific directives within CSA CCM. For example, InsightCloudSec’s policy “Cloud Account Without Root Account MFA Protection” supports compliance with the AIS-04, EKM-01, EKM-02, EKM-03, GRM-06, IAM-01, IAM-02, IAM-04, IAM-05, IAM-10, IAM-11, and IAM-12 directives in CSA CCM. You can immediately use the CSA CCM compliance pack to identify and remediate policy violations in real time.