Cloud Controls Matrix 4.0 (Chinese-English Edition)

Note on the Chinese translation

This document was translated and reviewed from Cloud Controls Matrix v4 by the CCM 4.0 translation expert group of the Cloud Security Alliance Greater China Region (CSA GCR).

Translation and review experts (listed in alphabetical order): 陈皓, 顾伟, 高轶峰, 胡友杰, 苏泰泉, 沈勇, 王永霞, 于新元, 赵锐

2021 Cloud Security Alliance Greater China Region. All rights reserved. You may download, store, display, view and print this document on your computer, or visit the official website of the Cloud Security Alliance Greater China Region (https:/www.c-), subject to the following conditions: (a) this document may be used only for personal, informational, non-commercial purposes; (b) the content of this document may not be altered in any way; (c) this document may not be redistributed; (d) the trademark, copyright or other notices may not be removed. The content of this document may be used reasonably in accordance with the relevant provisions of the Copyright Law of the People's Republic of China; when doing so, cite the Cloud Security Alliance Greater China Region as the source.

CLOUD CONTROLS MATRIX VERSION 4.0

Audit & Assurance - A&A

| Control Title | Control ID | Updated Control Specification |
|---|---|---|
| Audit and Assurance Policy and Procedures | A&A-01 | Establish, document, approve, communicate, apply, evaluate and maintain audit and assurance policies and procedures and standards. Review and update the policies and procedures at least annually. |
| Independent Assessments | A&A-02 | Conduct independent audit and assurance assessments according to relevant standards at least annually. |
| Risk Based Planning Assessment | A&A-03 | Perform independent audit and assurance assessments according to risk-based plans and policies. |
| Requirements Compliance | A&A-04 | Verify compliance with all relevant standards, regulations, legal/contractual, and statutory requirements applicable to the audit. |
| Audit Management Process | A&A-05 | Define and implement an Audit Management process to support audit planning, risk analysis, security control assessment, conclusion, remediation schedules, report generation, and review of past reports and supporting evidence. |
| Remediation | A&A-06 | Establish, document, approve, communicate, apply, evaluate and maintain a risk-based corrective action plan to remediate audit findings, r |