The Cloud Security Alliance is a non-profit organization that promotes the use of best practices for providing secure cloud computing. Since 2010, the CSA has released four versions of a free Cloud Controls Matrix for public use. This matrix is designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall risk of the service provider. Several different domains are included, including COBIT, NIST, HIPAA, and others. In March 2013, version 1.4 was released. This version includes two new columns that cater to the SOC 2 engagement.
One benefit of this matrix is the ability for service organizations to see the controls they should have in place in order to prepare for various engagements. Many of the same controls are used for different engagements, essentially enabling the service organization to “kill two birds with one stone.”
The Cloud Controls Matrix can be downloaded for free here.