Cloud Controls Matrix

Expand all | Collapse all

CCMv4 Workshop Session - March 11th [Meeting Minutes]

  • 1.  CCMv4 Workshop Session - March 11th [Meeting Minutes]

    Posted Mar 12, 2021 11:12:00 AM

    Hi everyone,
                        please find below the minutes from our recent workshop session.

    Agenda Items (AIs)

    1. Touch base on the progress status of 5 CCMv4.0 development activities (3 mappings, Implementation Guidelines, Controls Applicability Matrix)
    2. Kick-off the comparison review of the two versions of the TSC 2017 mapping (CCM WG version and the one provided from Audrey Katcher/AICPA group)
    3. AoB

     

    Participants (12):
    Troin Artis
    Angell Duran
    Roberto Hernandez
    John Joel
    Audrey Katcher
    Dejuan Kennedy
    Bala Kaundinya
    Giovanni Massard
    Vani Murthy
    Johan Olivier
    Lefteris Skoutaris (PM)
    Ashish Vashishtha

     

    Meeting Minutes (MMs)

    1. Touch base on the progress status of 5 CCMv4.0 development and update activities (3 mappings, Implementation Guidelines, Controls Applicability Matrix)

    • The objective of the 'update' exercises is to adapt the mappings/CAM to the changes that were introduced with the release of CCMv4.0 final and also to develop implementation guidelines for the 14 new controls that were also introduced.
    • Professionals are kindly invited to join the next CCM WG call on March 17th where CSA is going to announce the kick-off for the next set of mappings to CCMv4.0.
    • Would like to thank all the teams for their contribution and support to all CCMv4.0 development activities.
    • All professionals will be acknowledged (for the final release of completed components) and their names included in the coming official release of the CCMv4.0 Update (snapshot of Acks is posted in Circle).

    CCMv4.0 - CCMv3.0.1 Mapping Update

    • The exercise has been successfully completed!,
    • This mapping is expected to be published on March 15th as part of an update to CCMv4.0 final.

    CCMv4.0 - TSC 2017 Mapping Update

    • The exercise has been successfully completed!,
    • The WG will proceed with mapping and will conduct a comparison review to the version that the AICPA group, Audrey Katcher, has shared.
    • More info under AI-2 below.

    CCMv4.0 – ISO27001/02/17/18 Mapping Update

    • The exercise has been successfully completed!,
    • This mapping is expected to be published on March 15th as part of an update to CCMv4.0 final.

    CCMv4.0 Implementation Guidelines (Final Draft)

    • The exercise has been successfully completed!
    • This IG is expected to be set for open peer review and for a period of 30 days starting March 15th.
    Controls Applicability Matrix Update
    • The exercise has been successfully completed!
    • This CAM is expected to be published on March 15th as part of an update to CCMv4.0 final.
    2. Kick-off the comparison review of the two versions of the TSC 2017 mapping (CCM WG version and the one provided from Audrey Katcher/AICPA group),
    • The objective of the exercise is to refine and improve the CCM WG version of the TSC 2017 mapping based on the input provided by Audrey/AICPA,
    • The mapping tool where the teams will be working on is shared in Circle/CCMWG/Library and can be also accessed here,
    • Vani and Michael have completed their review on AIS and CEK respectively,
    • Professionals are kindly invited to consult pending actions under column 'H' on the domain that have signed up for (AP1),
    • Deadline is set for March 31st.
    3. AoB
    • Next CCMv4 workshop call is scheduled on March 18th, 6 pm EEST (8 am PST/ 5 pm CET/ 11 am EST).

    Action Points (APs)
    AP1: Professionals are kindly invited to consult pending actions under column 'H' on the domain that have signed up for (AP1).

    Please let me know if anything important is missed above. 
    Thank you all for your attendance and support.
    Best regards,

    Lefteris
    CCM WG PM



    CCMV4 - AICPA TSC2017 Mapping - Comparison Review Exercise (progress status snapshot)




    ------------------------------
    Eleftherios Skoutaris
    Program Manager
    Cloud Security Alliance
    ------------------------------


  • 2.  RE: CCMv4 Workshop Session - March 11th [Meeting Minutes]

    Posted Mar 14, 2021 01:55:00 AM
    Hi 

    I have recently joined the group.  How do I take part in the meetings and contribute to work ?

    I, also, plan to map CCM v4.0 to UAE Standard - NESA, which ofcourse, we will do though our Local CSA - UAE Chapter. 

    Do let me know how do I actively get involved in this ?

    Thanks

    Yogesh

    ------------------------------
    Yogesh Gupta
    Chief Catalyst
    CloudSec Club
    ------------------------------