CCM: A company wants to use the IaaS offering of some CSP. Which of the following options for using CCM is NOT suitable for the company as a cloud customer?
A.
Submit the CCM on behalf of the CSP to CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by CSPs
B.
Use CCM to build a detailed list of requirements and controls that they want their CSP to implement
C.
Use CCM to help assess the risk associated with the CSP
This option is NOT suitable for the company as a cloud customer. The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is a framework that provides a structured set of controls that can be used by customers to assess the security posture of their cloud providers. It's designed for customers to use when evaluating potential cloud service providers (CSPs) and their offerings.
Submitting the CCM on behalf of the CSP to the CSA STAR registry would involve the cloud customer submitting information about the CSP's security controls and practices. However, the CCM is typically intended for customers to evaluate the CSP's security, rather than for the CSP to submit their own information. The responsibility for submitting accurate and up-to-date security information to the STAR registry lies with the CSP themselves. Therefore, option A is not suitable as a use of CCM by the company as a cloud customer.
The option that is NOT suitable for the company as a cloud customer when using the Cloud Control Matrix (CCM) is:
A. Submit the CCM on behalf of the CSP to CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by CSPs.
Submitting the CCM on behalf of the cloud service provider (CSP) to CSA STAR is not a suitable option for the company as a cloud customer. The CSA STAR registry is intended for CSPs to document and demonstrate their security controls and practices to customers and the public. It is not meant for cloud customers to submit the CCM on behalf of their CSP.
In https://cloudsecurityalliance.org/star/, you can ask your CSP to submit to the registry.
upvoted 3 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
MassoudAbedian
Highly Voted 1 year, 1 month agobyfener
Most Recent 4 months, 2 weeks agoBrainiac
6 months, 4 weeks agomoota
9 months, 1 week ago