Common Cloud Controls Project

Common Cloud Controls Project

What is the Common Cloud Controls Project?

Common Cloud Controls (CCC) is the codename for an open standard project, originally proposed by Citi and currently undergoing formation in FINOS, to describe consistent controls for compliant public cloud deployments in the financial services sector.

This standard is a collaborative project which aims to develop a unified set of cybersecurity, resiliency, and compliance controls for common services across the major cloud service providers (CSPs).

By developing a unified taxonomy of common services and associated threats, the project also sets out to alleviate the systemic risk of cloud concentration, an issue highlighted in recent reports from the U.S. Department of the Treasury, the UK HMT, the European Council, and the Monetary Authority of Singapore


Read the July 27th Formation Announcement

2023-07-27 - Common Cloud Controls Press Release-2


Why is this important?

A cloud control standard is urgently needed to enhance security and governance protocols in the financial services sector, as well as to streamline and universalize access for all institutions to efficiently utilize  the public cloud. Cooperating amongst financial services peers and CSPs is crucial to ensure uniformity across various cloud service providers, thereby enabling the industry to implement effective multi-cloud strategies.

Owing to the intricate nature and economic implications of this task, no single service provider, financial entity, or regulatory body can precisely outline what constitutes a compliant financial cloud deployment. The only viable path is through open engagement among stakeholders.

Moreover, from a security standpoint, by coordinating the measures specific to a service-oriented threat model, we can systematically apply controls that correspond to the actual threats we seek to neutralize.


Download to Common Cloud Controls Project Deck for more details

Screen Shot 2023-07-26 at 4.53.21 PM


How to get involved

The first phase of development is only open to FINOS Member firms.

During the project formation phase, 20+ FINOS Members, including 10+ global financial firms, 1 cloud service provider, and 10+ vendors are participating in this initiative beginning in August 2023. The list of Member firms is growing.

The project is inviting participation from financial institutions globally, CSPs, fintech and technology vendors, industry associations, and regulators to ensure broad representation of all constituents involved in the shared responsibility model.

Fill out the form below to register your interest in participating in the project. If you are not a FINOS Member, you can apply for membership here