Enterprise Architecture

Mapping Tools to Capabilities and Models

  • 1.  Mapping Tools to Capabilities and Models

    Posted May 09, 2022 09:18:00 AM
    Hi all, first post in this working group - so hello!

    I'm hoping to use this forum and the CSA tool-set to help me better understand controls, capabilities and models, and how they all fit together. 

    I have a request for some advice if I may.

    If I was to attempt to map a set of security tools, services and applications to a capability / reference model, where would I start with the CSA materials?

    For example, I could build a capability model against the EA-Reference-Diagrams, as this goes down to some low levels details, such as 'endpoint - application firewalls', and 'server - firewalls'.

    Or, I could also use the CCM (v4) as it is built and crossed referenced to other models, NIST, CIS, etc; but in the example above, 'Firewalls' sits as either 'software - firewalls' or the generic 'Network Security'. The CCM also doesn't seem to explicitly reference Anti-Virus protection, whereas the EA model does.

    Has anyone else found this to be a little tricky?

    Any advice would be greatly appreciated, thank you!


    James Dawson
    Security Architect
    Three UK