How this command is triggered — by the user, by Claude, or both
Slash command
/csa-ccm:assessThe summary Claude sees in its command listing — used to decide when to auto-load this command
# CSA CCM Assessment Evaluates organizational readiness for Cloud Security Alliance Cloud Controls Matrix (CCM) compliance. ## Arguments - `$1` - Assessment scope (required: full, domain-specific, service-model) - `$2` - Cloud service model (optional: IaaS, PaaS, SaaS, hybrid) ## CSA CCM Overview **Purpose**: Provide cloud-specific security controls framework **Current Version**: CCM v4.0 (197 control objectives) **Domains**: 17 security domains **Use Cases**: Cloud provider assessments, cloud security posture, multi-framework compliance ## Cloud Service Models | Model | Description ...
Evaluates organizational readiness for Cloud Security Alliance Cloud Controls Matrix (CCM) compliance.
$1 - Assessment scope (required: full, domain-specific, service-model)$2 - Cloud service model (optional: IaaS, PaaS, SaaS, hybrid)Purpose: Provide cloud-specific security controls framework Current Version: CCM v4.0 (197 control objectives) Domains: 17 security domains Use Cases: Cloud provider assessments, cloud security posture, multi-framework compliance
| Model | Description | Provider Responsibility | Consumer Responsibility |
|---|---|---|---|
| IaaS | Infrastructure as a Service | Physical infrastructure, network | OS, apps, data, identity |
| PaaS | Platform as a Service | Infrastructure + OS + runtime | Applications, data |
| SaaS | Software as a Service | Full stack | Data, access management |
| Hybrid | Mixed deployment | Shared based on architecture | Shared based on architecture |
A&A - Audit and Assurance
AIS - Application & Interface Security
BCR - Business Continuity & Operational Resilience
CCC - Change Control & Configuration Management
CEK - Cryptography, Encryption & Key Management
DCS - Data Security & Privacy Lifecycle Management
DSP - Data Security & Privacy
GRC - Governance, Risk & Compliance
HRS - Human Resources
IAM - Identity & Access Management
IPY - Interoperability & Portability
IVS - Infrastructure & Virtualization Security
LOG - Logging & Monitoring
SEF - Security Incident Management
STA - Supply Chain Management, Transparency & Accountability
TVM - Threat & Vulnerability Management
UEM - Universal Endpoint Management
CCM maps to major compliance frameworks:
# Full CCM assessment for SaaS provider
/ccm:assess full SaaS
# Domain-specific assessment for encryption
/ccm:assess domain-specific CEK
# IaaS cloud infrastructure assessment
/ccm:assess full IaaS
# Hybrid cloud environment assessment
/ccm:assess full hybrid
Assessment prepares organization for CSA CAIQ (Consensus Assessments Initiative Questionnaire):
npx claudepluginhub vantainc/claude-grc-engineering --plugin csa-ccm/assessCompares a local repository against a topic wiki's research body and the broader market, producing a gap analysis with opportunities and competitive landscape.
/assessAssesses DORA compliance readiness for EU financial entities and ICT providers. Requires scope (full, pillar-specific, entity-type); optional entity classification.
/assessAssesses GLBA compliance readiness for specified scope (full, safeguards, privacy, pretexting) and institution type, producing compliance score and detailed evaluation.
/assessAssesses compliance with NIST 800-53 controls for a specified control family (e.g., AC) or baseline (low, moderate, high), with optional revision (r4 or r5).
/assessAssesses SOC 2 Type I or II audit readiness for specified scope (security, availability, confidentiality, processing integrity, privacy), producing readiness scores, control gaps, evidence requirements, remediation recommendations, and timeline.
/assessAssesses ISMS compliance against ISO 27001:2022 clauses and Annex A controls, producing status reports, gap analysis, Statement of Applicability guidance, and certification readiness.