Cloud Security Maturity Model
The Cloud Security Maturity Model (CSMM) is co-developed by IANS and Securosis and administered in partnership with the Cloud Security Alliance.
Rich Mogull, IANS Faculty & Securosis CEO
What is the Cloud Security Maturity Model?
The CSMM helps organizations understand what their cloud security journey looks like and, more importantly, to consciously determine how mature they want to be for each category.
Take the diagnostic now
Why complete the CSSM Diagnostic?
Completing the CSMM diagnostic generates an individualized report based on your answers to provide a quick qualitative assessment of your current maturity level. It assesses the state of your organization's cloud security program against 12 categories over the three domains of the model. Organizations use the model as a starting point and a means to determine the required investment in each category.
Foundational Domain
Represents the core, critical infrastructures.
Structural Domain
Represents what would traditionally be considered security.
Procedural Domain
Represents many of the fundamental process and procedural changes required.
Levels of cloud security maturity
Assets to expedite your journey
Download the report
Intro to the CSSM 2.0
A 5-page overview of the updated Cloud Security Maturity model and how to use it.
Download Now
CSSM Poster
A pdf visual representation of the Cloud Security Maturity Model 2.0
Download Now
Cloud Security Maturity Model 2.0
A detailed excel spreadsheet with control objectives specified for each maturity level.
Download Now
Frequently Asked Questions
Why align to the Cloud Security Maturity Model?
Feb 6, 2025, 14:05 PM
Question :
Why align to the CSSM?
Security for cloud deployments differs from protecting traditional systems. With increased scrutiny on cloud security from large customers, boards of directors, and internal and external compliance assessors, all organizations need to consider the inherent security of their cloud stack and how they manage and control access to it using a cloud-native security framework.
Be intentional about decisions and priorities
The Cloud Security Maturity Model is not focused on telling organizations what they must do. Instead, it facilitates business-oriented discussions about cloud security requirements, priorities and strategies, highlighting key decisions stakeholders must consider in their journey toward increased automation via cloud service providers. This knowledge helps organizations assess their existing cloud security programs against their internal business requirements and those of industry peers, determine which maturity level is appropriate to the business, and make conscious and informed purchase and configuration decisions.
Start the free diagnostic
Mike Rothman, IANS Faculty & Securosis President
We use cookies to deliver you the best experience on our website. By continuing to use our website, you consent to our cookie usage and revised Privacy Policy.