Automate CCM Evidence Collection
As the most comprehensive security standard on the market, CCM compliance can seem daunting. But not for Drata’s automation.
With 85+ integrations, Drata connects to your cloud tools to quickly and automatically collect the evidence you need to get and stay CCM compliant—no spreadsheets or screenshots required.
Continuous CCM Control Monitoring
Staying CCM compliant and mitigating cloud risks means constantly monitoring and testing controls. With Drata’s continuous monitoring and real-time reports, your team gets unparalleled visibility into your security posture.
CCM in a Box
Use Drata’s out-of-the-box control library, templated policies, and customization to streamline and simplify the CCM compliance process.
What's Included With CCM
Drata streamlines the CSA CCM process so you can focus on growing your business securely.
Pre-Loaded Controls
Enjoy preloaded Drata controls pre-mapped to CSA CSM requirements.
One Central Dashboard
Always know where you stand with a central dashboard for all controls and frameworks.
Shared Controls
Reduce duplicative efforts with shared controls between frameworks such as ISO 27001 and NIST 800-53.
Frequently Asked Questions About CCM Compliance
What is CSA CSM?
The Cloud Controls Matrix by Cloud Security Alliance (CSA) is a cybersecurity control framework for cloud computing.
This framework helps organizations assess the risks associated with cloud computing providers.
How do I know I need CSA CCM?
This compliance standard is available for any industry or customer to pursue. CCM helps organizations assess the risks associated with cloud computing providers and is a very comprehensive cloud security standard on the market.
How does Drata automate CSA CCM?
When you manage Cyber Essentials in Drata, take advantage of pre-mapped controls and policies to start automating your compliance program quickly.
Do I need an audit?
CCM is voluntary, and customers can apply for a Security, Trust, Assurance and Risk (STAR) registry to display compliance.
STAR Level 1: Self-Assessment
Variations of Level 1:
Security Self-Assessment
GDPR Code of Conduct
STAR Level 2: Third-Party Audit
Variations of Level 2
STAR Attestation
STAR Certification
What tools does Drata integrate with?
Drata has more than 75 native integrations. From cloud infrastructure providers like AWS, Google Cloud, and Azure, to human resources platforms like Gusto, GoodHire, and Workday, to dev tools and ticketing such as Jira and Github.
If I use Drata, will my auditor have access to all my data and results of control testing?
Drata only gives auditors access to what they need in order to streamline the audit engagement. In the Auditor View, you control the level of access your auditor receives. You also dictate the time period that access covers, and the framework so auditors are only seeing evidence and test results of your controls during that specific time window.
Why is the Auditor View important?
Drata was built alongside auditors to ensure you and the auditor have the best user experience. Today, most platforms enable an export of reports or access to the entire set of controls and data you have visibility into. While not every control is applicable to your environment, auditors can’t unsee the evidence you’ve collected, which is why it’s important to only display pertinent information in the Auditor-Only View.
Automate Your Journey
Drata's platform experience is designed by security and compliance experts so you don't have to be one.
Connect
Easily integrate your tech stack with Drata.
Configure
Pre-map auditor validated controls.
Comply
Begin automating evidence collection.
Put Security & Compliance on Autopilot®
Close more sales and build trust faster while eliminating hundreds of hours of manual work to maintain compliance.
