The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is designed to provide guidance to cloud vendors and to assist cloud customers in assessing the security risk of a cloud provider. The CSA CCM has 133 controls in 13 domains with customized relationships (mappings) to other industry-accepted security standards, regulations, and controls frameworks (e.g. ISO 27002//27001, ISACA, COBIT, PCI-DSS, NIST 800-53). The objective of the CCM framework is to help organizations with the needed structure, detail and clarity relating to information security tailored to the cloud industry.

How Does Dome9 Help with CSA CCM Compliance?

– Visibility into all of your Cloud Assets – A company needs to clearly define the scope of all the system components in scope for CSA CCM certification. Dome9 provides you the visibility into cloud assets in order to comply with CSA CCM since you cannot protect information that is not on your radar.

– Compliance Engine – Real-time view of compliance and security posture for immediate risk mitigation

– Governance Specification Language (GSL) – GSL allows Compliance and Security team to write and review any compliance check in seconds without deep technical knowledge – This equates to fewer errors in translating IT governance requirements to policy definitions.

– Continuous Compliance – Continuous Compliance allows Dome9 clients to continuously run a compliance assessment according to various compliance suites and deliver findings through the most convenient method such as email, SNS notification message or PDF report.

– Advanced Alerts Mechanism – Our Advanced Alerts Mechanism alerts you on findings that Dome9 discovers when scanning AWS Accounts, Azure Subscriptions, and GCP Projects. This mechanism allows you to maintain CCM compliance and easily trigger incident response and start your investigation if there are major issues.