Cloud Controls Matrix

Back to discussions
Expand all | Collapse all

CCMv4 Workshop Session - May 6th [Meeting Minutes]

  • 1.  CCMv4 Workshop Session - May 6th [Meeting Minutes]

    Posted May 10, 2021 07:22:00 AM

    Hi team,
                      please find below the minutes from our recent workshop session.

    Agenda Items (AIs)

    1. CCMv4.0 mapping projects and their progress status
    2. CCMv4.0 Implementation Guidelines final review
    3. CAIQv4.0 latest update
    4. AoB

     

    Participants (12):
    John Britton
    Angell Duran
    Frank Jaramillo
    Joel John
    Erik Johnson
    Bala Kaundinya
    Claus Matzke
    Johan Olivier
    Thomas Sager
    Nishanth Singarapu
    Lefteris Skoutaris (PM)
    Ashish Vashishtha

      

    Meeting Minutes (MMs)

    1. CCMv4.0 mapping projects and their progress status

    CCMv4.0 - TSC 2017 Mapping
    • Mapping is complete,
    • CSA is coordinating with AICPA before publishing.

    CCMv4.0 - CISv8.0 Mapping
    • Mapping is complete,
    • The CIS team has provided its feedback to the mapping & gap analysis conducted by the CCM WG,
    • A task force team comprised of Joel, Angell, Johan and Claus has been put together to process and comment back to CIS feedback,
    • The team is reviewing CIS team's input and consolidating that into a final version of the work,
    • CIS team is kindly invited to join the WG's next workshop session (on 13/5) to discuss & validate provided inputs (AP1).


    2. CCMv4.0 Implementation Guidelines final review
    • CCMv4.0 IG document used for the review (includes open peer review + Google's comments),
    • The WG has kicked-off the final review of the CCMv4.0 Implementation Guidelines on 22/4,
    • First review session was held on 7/5 where the group has successfully reviewed and updated the IGs for the Audit and Assurance (A&A) domain,
    • Harry suggested that the PM (Lefteris) goes ahead and 'clean up' the document from grammar/syntax based comments in order to speed up the review (AP2),
    • Professionals are kindly invited to complete the tasks for the domains that have sign up for during phase 2 (AP3),
    • Second review session is scheduled for the coming Friday (14/5).


    3. CAIQv4.0 latest update
    • CAIQv4.0 final review is complete,
    • PM is consolidating the inputs that were discussed and agreed during the review sessions,
    • CAIQv4.0 is expected for publication on June 7th.

    4. AoB
    • Next CCMv4 workshop call is scheduled on May 13th, 6 pm EEST (8 am PST/ 5 pm CET/ 11 pm EST).
    • Next CCMv4.0 Implementation Guidelines review session is scheduled on May 14th , 5 pm EEST (7 am PST/ 5 pm CET/ 10 pm EST).

    Action Points (APs)
    AP1: CIS team is kindly invited to join the WG's next workshop session (on 13/5) to discuss & validate provided inputs (PM contact CIS).
    AP2: Harry suggested that the PM (Lefteris) goes ahead and 'clean up' the document from grammar/syntax based comments in order to speed up the review.
    AP3: Professionals are kindly invited to complete the tasks for the domains that have sign up for during phase 2.


    Please let me know if anything important is missed above.
    Thank you all for being active and supporting us!
    Best regards,

    ------------------------------
    Eleftherios Skoutaris
    Program Manager
    Cloud Security Alliance
    ------------------------------