The Cloud Security Alliance (CSA) is a not-for-profit organization, born in 2008, with the aim to promote the use of best practices for providing security assurance within Cloud Computing.
From this organization originates the Cloud Controls Matrix (CCM) that today reached version 3.0, a control framework designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider, interfacing with other industry-accepted security standards like ISO 27001/27002, ISACA COBIT, PCI, NIST, etc.
CCM Version 3.0 includes the following updates:
- Five new control domains that address information security risks over the access of, transfer to, and securing of cloud data: Mobile Security; Supply Chain Management, Transparency & Accountability; Interoperability & Portability; and Encryption & Key Management
- Improved harmonization with the Security Guidance for Critical Areas of Cloud Computing v3
- Improved control auditability throughout the control domains and an expanded control identification naming convention
Here is the link to download it.