Cloud Controls Matrix

  • 1.  CCM v4.0.2 Errata

    Posted Aug 02, 2021 06:55:00 AM

    Hi Folks,
    We, the CSA JP translation WG, found several errata in the CCM v4.0.2 control mapping with ISO/IEC 27001/02/17/18.

    1) DCS-04 

       There's a map to 27007:8.3.3. This might be a typo of 27002:8.3.3, not 27007. (ISO/IEC 27007 is the audit guideline for ISMS, FYI.)

    2) STA-01, STA-12
      Both controls contain a map to 27001:A.5.2, but there is no A.5.2 in ISO/IEC 27001. This might be a typo of 15.2 Supplier service delivery management.

    3) UEM-11

      There are maps to 27001:A.3.2.2 and 27002:3.2.2, and there is no 3.x subclause in either ISO/IEC 27001 or 27002.

      This might be a typo of 13.2.2 Agreements on information transfer.

    4) Omitting the ISO number, as in ISO/IEC 27001/02/17/18, is uncommon. I recommend using ISO/IEC 27001, 27002, 27017 and 27018.

    Please check it.

    Koichiro Watanabe

  • 2.  RE: CCM v4.0.2 Errata

    Posted Aug 04, 2021 01:53:00 AM
    Edited by Eleftherios Skoutaris Aug 04, 2021 02:02:21 AM
    Hi Koichiro,
    Thank you for your input, as it really helps us improve CCM.

    Will bring this post to the attention of the CCM WG in order to evaluate your findings and apply changes to the respective mapping if/where deemed necessary.
    Any agreed changes will be applied to the mapping and shall appear at the next -minor- version update of the standard.

    Kind regards,

    Eleftherios Skoutaris
    Program Manager
    Cloud Security Alliance

  • 3.  RE: CCM v4.0.2 Errata

    Posted Aug 09, 2021 09:19:00 AM

    I hope our feedback helps the WG activity well.
    I also found wording inconsistencies and struggled with the Japanese translation. I will provide them in the next reviewing process.


    Koichiro Watanabe
    Amazon Web Services Japan, K.K.