supernav-iconWebinar: The Future of Cyber Security with Expert Keren Elazari

Contact Sales

  • Sign In
  • Get Started
HomeAll FrameworksCCM
CCM Logo

Prove Your Cloud Security Posture with CCM Compliance

Achieve CCM compliance faster with automation while eliminating guesswork with pre-mapped controls and real-time security visibility.

Eliminate manual work

Automate CCM Evidence Collection

As the most comprehensive security standard on the market, CCM compliance can seem daunting. But not for Drata’s automation. 

With 85+ integrations, Drata connects to your cloud tools to quickly and automatically collect the evidence you need to get and stay CCM compliant—no spreadsheets or screenshots required.

Stay protected on the cloud

Continuous CCM Control Monitoring

Staying CCM compliant and mitigating cloud risks means constantly monitoring and testing controls. With Drata’s continuous monitoring and real-time reports, your team gets unparalleled visibility into your security posture. 

Get compliant faster

CCM in a Box

Use Drata’s out-of-the-box control library, templated policies, and customization to streamline and simplify the CCM compliance process.


Join the Thousands of Companies that Trust Drata

See All Case Studies
Wiz logo 2
BambooHR Logo
Clearco Logo
Clearbit Logo
Alteryx logo
Lemonade Logo
Notion Logo
Vercel Logo
Wordpress VIP
Calendly Logo

What's Included With CCM

Drata streamlines the CSA CCM process so you can focus on growing your business securely.

Control Library

Pre-Loaded Controls

Enjoy preloaded Drata controls pre-mapped to CSA CSM requirements.

Policy Center Icon

One Central Dashboard

Always know where you stand with a central dashboard for all controls and frameworks.

Automated Evidence Collection

Shared Controls

Reduce duplicative efforts with shared controls between frameworks such as ISO 27001 and NIST 800-53.

Frequently Asked Questions About CCM Compliance

The Cloud Controls Matrix by Cloud Security Alliance (CSA) is a cybersecurity control framework for cloud computing.

This framework helps organizations assess the risks associated with cloud computing providers.

This compliance standard is available for any industry or customer to pursue. CCM helps organizations assess the risks associated with cloud computing providers and is a very comprehensive cloud security standard on the market.

When you manage Cyber Essentials in Drata, take advantage of pre-mapped controls and policies to start automating your compliance program quickly.

CCM is voluntary, and customers can apply for a Security, Trust, Assurance and Risk (STAR) registry to display compliance.

STAR Level 1: Self-Assessment

Variations of Level 1:

  • Security Self-Assessment

  • GDPR Code of Conduct

STAR Level 2: Third-Party Audit

Variations of Level 2

  • STAR Attestation

  • STAR Certification

Drata has more than 75 native integrations. From cloud infrastructure providers like AWS, Google Cloud, and Azure, to human resources platforms like Gusto, GoodHire, and Workday, to dev tools and ticketing such as Jira and Github.

Drata only gives auditors access to what they need in order to streamline the audit engagement. In the Auditor View, you control the level of access your auditor receives. You also dictate the time period that access covers, and the framework so auditors are only seeing evidence and test results of your controls during that specific time window.

Drata was built alongside auditors to ensure you and the auditor have the best user experience. Today, most platforms enable an export of reports or access to the entire set of controls and data you have visibility into. While not every control is applicable to your environment, auditors can’t unsee the evidence you’ve collected, which is why it’s important to only display pertinent information in the Auditor-Only View.

Automate Your Journey

Drata's platform experience is designed by security and compliance experts so you don't have to be one.


Easily integrate your tech stack with Drata.


Pre-map auditor validated controls.


Begin automating evidence collection.

Put Security & Compliance on Autopilot®

Close more sales and build trust faster while eliminating hundreds of hours of manual work to maintain compliance.

Get Started