Cloud Security Alliance Delivers the AI Guardrails You’ve Been Looking For

AI Controls Matrix (AICM) released to define and secure the future of AI

SEATTLE – July 10, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, proudly announces the launch of the AI Controls Matrix (AICM)—a first-of-its-kind framework designed to tackle the real-world risks of generative AI with the precision, clarity, and shared accountability the industry urgently needs.

More than just a set of principles, the AICM offers a comprehensive, actionable blueprint for securing generative AI systems—from model providers to orchestrated service platforms, infrastructure operators, and application developers. Grounded in CSA’s proven compliance DNA and inspired by today’s complex AI ecosystems, the AICM helps organizations build safer, more transparent, and more trustworthy AI services.

“We didn’t just identify the risks—we engineered a roadmap,” said Jim Reavis, CEO and co-founder of CSA. “The AI Controls Matrix bridges the gap between lofty ethical guidelines and real-world implementation. It enables all stakeholders in the AI value chain to align on their roles and responsibilities and measurably reduce risk. This is the new gold standard for responsible AI governance.”

What’s Inside the AICM Toolkit:

• 243 controls across 18 domains, tailored to Generative AI
• Role-based guidance for the full stack and all stakeholders, rooted in principles of shared security responsibility:
  • Generative AI Infrastructure Operators, such as Cloud Providers
  • Model Providers
  • Orchestrated Services Providers
  • Application Providers
• Embedded support for leading standards including ISO/IEC 42001, ISO 27001, NIST AI RMF 1.0, and BSI AI C4, providing needed depth for aligning practical AI Governance, Risk, and Compliance (GRC) needs with multi-framework compliance requirements and enabling audit readiness
• The companion AI-CAIQ self-assessment questionnaire to validate readiness, demonstrate accountability, and accelerate compliance

The AICM provides the foundation for CSA’s forthcoming STAR for AI program, extending our world leading cloud assurance program to all forms of AI systems. Understanding and implementing AICM now prepares organizations of all sizes for compliance with the hundreds of international AI regulations and standards coming into effect.

Get the Toolkit

Download the full AICM + AI-CAIQ bundle and BSI AI C4 and NIST AI RMF mappings at cloudsecurityalliance.org/aicm now. ISO/IEC 42001 and 27001 mappings will be available in August 2025.

About the Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on X @cloudsa.

Media Contact:
Blair Moreland
ZAG Communications for CSA
blair@zagcommunications.com