Question 30
Which of the following is the BEST tool to perform cloud security control audits?
Correct answer: D
Explanation
The CSA Cloud Control Matrix (CCM) is designed for cloud security assessments because it maps security requirements to cloud-specific control domains. It is widely used to audit and evaluate cloud providers against a standardized set of controls, making it the best tool for cloud security control audits.
Why each option is right or wrong
A. General Data Protection Regulation (GDPR)
B. ISO 27001
C. Federal Information Processing Standard (FIPS) 140-2
D. CSA Cloud Control Matrix (CCM)
The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) is the cloud-specific audit framework used to assess security controls across provider environments, with 197 control objectives organized into 17 domains. It is paired with the CSA Consensus Assessments Initiative Questionnaire (CAIQ) for evaluating whether a cloud service provider’s controls align with recognized cloud security requirements, which is exactly what a cloud security control audit requires.