Dear members, please find below the minutes from our recent workshop session on 11/02.
Brief overview of what was discussed:
- We touched base on the progress status of the CCMv4.0 - CCMv3.0.1 mapping update to V4 final & performed a consistency check on the mappings of 3 domains,
- Missing a reviewer per GRC and TVM domains for the CCMv4.0-CCMv3.0.1 mapping (See image at the end - Anyone interested?),
- Similarly, on the progress status of the CCMv4.0 - TSC 2017 mapping update to V4 final,
- And finally, on the progress of the 'Implementation Guidelines' development for the 14 new CCMv4.0 Final controls (14 new since the final draft version),
- Missing a reviewer per IAM and IVS TVM domains for the CCMv4.0 IG dev. (See image at the end - Anyone interested?).
Please find below the usual well-structured and detailed minutes section.
Agenda Items (AIs)
- Overview of CCMv4.0 - CCMv3.0.1 mapping update progress status,
- Overview of CCMv4.0 - TSC 2017 mapping update progress status,
- Overview of development for the IG of the 14 news controls of CCMv4.0 (since the final draft version).
Participants (19):
Madhav Chablani
Geoff Bird
Genn Bluff
Angela Dogan
Angell Duran
Rajeev Gupta
Damian Heal
Roberto Hernandez
Mamane Ibrahim
Frank Jaramillo
Bala Kaundinya
Nancy Kramer
Giovanni Massard
Claus Matzke
Vani Murthy
Johan Olivier
Michael Roza
Lefteris Skoutaris (PM)
Ashish Vashishtha
Meeting Minutes (MMs)
1. Overview of CCMv4.0 - CCMv3.0.1 mapping update progress status
- The objective of the exercise is to determine if the existing mappings & gap levels need to be modified after the introduction of the V4 final control specifications (since the previous final draft version),
- Mapping update activities for 9/17 domains are complete,
- PM conducted a 'consistency' check on domains IVS, UEM and BCR and contacted the corresponding experts for discussing,
- Discussion took place over HRS domain update review and consolidating provided inputs,
- Professionals are kindly invited to consult column "H" under the "Progress status" tab for pending actions (AP1),
- Deadline for first update phase is set by February 18th.
2. Overview of CCMv4.0 - TSC 2017 mapping & kick-off mapping update activity
- The CCMv4.0 - TSC 2017 mapping has been adapted to include the new V4 final control specifications,
- The A&A domain mapping has been updated and completed, and 6 more domains updates in progress,
- Professionals are kindly invited to consult column "H" under the "Progress status" tab for pending actions (AP2),
- The AICPA group will support this activity by conducting a parallel mapping exercise which is going to compared with the mapping of the CCM WG.
3. Overview of pending actions for the CCMV4.0 Implementation Guidelines (Final Draft)
- The IG has been updated with the V4 Final controls and PM prepared a 'clean' version of the IG based on the work of the WG in Q3-Q4 2020,
- IG for a total of 14 new controls must be developed for domains CEK, HRS, IAM, UEM, TVM, IVS,
- IG for TVM-01 has been developed and reviewed by both professionals,
- IG for IAM-09/-16 has been developed and missing review by the 2nd professional. Also IAM-02 is missing IG,
- IG for CEK-08, HRS-04, UEM-13 and IVS-01 has been developed and missing review by the 2nd professional,
- Professionals are kindly invited to consult column "H" under the "Progress status" tab for pending actions (AP3).
Action Points (APs)AP1/2/3: Professionals are kindly invited to consult column "H" under the "Progress status" tab per corresponding activity for pending actions.As always, please let me know if anything important is missed above.
Thank you all for your attendance and support.
Best regards,
Lefteris
CCMv4.0 - CCMv3.0.1: Snapshot of Mapping Update Progress Status
------------------------------
Eleftherios Skoutaris
Program Manager
Cloud Security Alliance
------------------------------