Dear members, please find below the minutes from our recent workshop session.
Brief overview of what was discussed:
- We touched base on the progress status of the CCMv4.0 - CCMv3.0.1 mapping update to V4 final,
- Kicked-off the CCMv4.0 - TSC 2017 mapping update to V4 final,
- Kicked-off the development of 'Implementation Guidelines' for the 14 new CCMv4.0 Final controls (14 new since the final draft version)
Please find below the usual well-structured and detailed minutes section.
Agenda Items (AIs)
- Overview of CCMv4.0 - CCMv3.0.1 mapping update progress status
- Overview of CCMv4.0 - TSC 2017 mapping & kick-off mapping update activity
- Overview of pending actions for the V4 Implementation Guidelines & kick-off development for new controls missing such guidance
Participants (8):
Angela Dogan
Angell Duran
Rajeev Gupta
Roberto Hernandez
Nancy Kramer
Claus Matzke
Vani Murthy
Lefteris Skoutaris (PM)
Meeting Minutes (MMs)
1. Overview of
CCMv4.0 - CCMv3.0.1 mapping update progress status
- The objective of the exercise is to determine if the existing mappings & gap levels need to be modified after the introduction of the V4 final control specifications (since the previous final draft version),
- Mapping update activities for 6/17 domains are in progress,
- To maintain consistency, professionals are kindly invited to indicate the "exact" portion of the V4 control that is missing from V3, in "Partial Gap" cases,
- Professionals are kindly invited to consult column "H" under the "Progress status" tab for pending actions (AP1),
- Many thanks to Vani for her strong support in this activity,
- Deadline for first update phase is set by February 18th.
2. Overview of
CCMv4.0 - TSC 2017 mapping & kick-off mapping update activity
- The CCMv4.0 - TSC 2017 mapping has been adapted to include the new V4 final control specifications,
- In the same footsteps as V3, this mapping has to be also updated,
- The AICPA team will support this activity by conducting a parallel mapping exercise which is going to be used to compare with the mapping of the group, and used to discuss & consolidate possible deltas,
- Lefteris to reach out to professionals in order to begin the review and update of this mapping exercise.
3. Overview of pending actions for the
CCMV4.0 Implementation Guidelines (Final Draft) & kick-off development for new controls missing such guidance
- Lefteris is preparing a 'clean' version of the IG based on the work of the WG in Q3-Q4 2020,
- The IG has been updated with the V4 Final controls,
- IG for a total of 14 new controls must be developed for domains CEK, HRS, IAM, UEM, TVM, IVS, the respective teams have been contacted & agreed to carry out the development by mid of February (AP3),
- Pending actions from Sandra and Erik remain on DSP and STA respectively (AP4),
Action Points (APs)AP1: Professionals are kindly invited to consult column "H" under the "Progress status" tab for pending actions.
AP2: Lefteris to reach out to professionals in order to begin the review and update of the CCMv4.0 - TSC 2017 mapping exercise.
AP3: IG for a total of 14 new controls must be developed for domains CEK, HRS, IAM, UEM, TVM, IVS, the respective teams have been contacted & agreed to carry out the development by mid of February.
AP4: Pending actions from Sandra and Erik remain on the Implementation Guidelines of DSP and STA respectively.
As always, please reach out to me with your questions and let me know if anything important is missed above.
Thank you all for your attendance and support.
Best regards,
Lefteris------------------------------
Eleftherios Skoutaris
Program Manager
Cloud Security Alliance
------------------------------