Cloud Security Maturity Model
Dashboard
Cloud Defense automatically assesses key cloud security controls from the CSMM and combines these with written answers for control objectives that can’t be automatically aligned, to show you your overall maturity across your cloud deployments (AWS supported, Azure coming soon). This guide will walk you through the major features. For more information on the CSMM, and to take the IANS survey-based diagnostic, please visit https://www.iansresearch.com/resources/cloud-security-maturity-model
Domains and Categories
The CSMM includes 12 Categories organized into 3 Domains. Each Category includes between 1 and 3 Cloud Security Control Objectives for each maturity level. These all come directly from the published CSMM. Click on each Domain or Category to see your detailed results for that area.
Scope
By default, Cloud Defense assesses every deployment onboarded to the platform and compiles the results. You can change the scope to only focus on specific projects or deployments.
Unanswered Questions
Cloud Defense automatically assesses control objectives with a defined technical control we can directly check. Some control objectives focus more on process and can’t be automatically assessed, so we include these as manual questions. Your maturity dashboard won’t be accurate until you fill out these questions. Manual answers expire so you can re-validate them in the future to better detect drift. To enter a Manual answer, click on the “+” button next to the Control. A list of unanswered questions appears in the Dashboard and Domain views, and you can enter Manual answers to the Manual Controls in the Category view.
“Either” Checks and Exemptions
Some checks in the CSMM are designated as “Either”, which usually means there are multiple ways to meet the objective. Cloud Defense will automatically default to an automated check, but if you are solving the problem a different way you can create a Manual answer and set an expiration.
Maturity Rating
Your maturity is defined as the highest level of maturity where you pass all checks and questions. Some checks are evaluated for the entire organization, and others for individual cloud deployments. The displayed percentages are the pass rates at your defined scope.
Detailed Results
You can easily dive in to assess your maturity across your deployments. Control Results shows your overall Pass or Fail. Check Results shows every pass or fail for every account and resource so you can pinpoint problems. Account Status shows which accounts have completely passed or which ones have any failures.
Real-Time Updates
Cloud Defense Free will assess the CSMM once a day. Cloud Defense Pro continuously updates results in real time. The model itself will also be adjusted to maintain alignment with the latest updates issued by IANS/CSA/Securosis, so your maturity may change as the model changes. Pro customers will soon have the ability to swap out different automated checks to better tune the assessments to their operations.