Cloud Controls Matrix

Back to discussions
Expand all | Collapse all

CCMv4 Workshop Session - March 25th [Meeting Minutes]

  • 1.  CCMv4 Workshop Session - March 25th [Meeting Minutes]

    Posted Mar 26, 2021 06:47:00 AM
    Hi everyone,
                        please find below the minutes from our yesterday's workshop session.

    Agenda Items (AIs)

    1. CCMv4 - TSC 2017 mapping progress status of the comparison review (CCM WG and Audrey Katcher/AICPA group versions)
    2. CCMv4.0 - CISv8.0 mapping progress status
    3. AoB

     

    Participants (14):
    Troin Artis
    Madhav Chablani
    Angell Duran
    Joel John
    Erik Johnson
    Audrey Katcher
    Bala Kaundinya
    Claus Matzke
    Giovanni Massard
    Vani Murthy
    Johan Olivier
    Lefteris Skoutaris (PM)
    Ashish Vashishtha
    Dimitri Vekris

    Meeting Minutes (MMs)

    1. CCMv4 - TSC 2017 mapping progress status of the comparison review (CCM WG and Audrey Katcher/AICPA group versions),
    • All domain reviews are progressing well, waiting for Audrey's final feedback to the CCM WG's suggested updates on 8 CCMv4 domains (AP1) (reviews are complete),
    • Reviews are still ongoing for 5 domains and 4 domains (A&A, CCC, STA, TVM) are missing a reviewer (please contact PM if interested in participating),
    • Joel and Troin signed up for the SEF and IVS comparison reviews respectively (AP2),
    • Bala and Vani are kindly invited to reply to Johan's comments on proposed changes for IAM and DCS respectively (AP3),
    • All professionals are kindly asked to consult the 'status comments' column for any pending actions on their end (AP4).
    CCMv4.0 - TSC 2017 Mapping (comparison review with AICPA's version)


    2. Progress status of the CCMv4.0 - CISv8.0 mapping exercise and call for participation
    • Vani and Michael have delivered the mapping of the IPY domain,
    • Domains DSP and LOG have accepted reviews from both professionals which are undergoing a final consolidation and soon to be delivered,
    • Missing professionals in 6 domains (please see open slots with '?' at the screenshot below) kindly invited to help us out,
    • Need a 2nd reviewer to conduct a final validation check on the existing mapping of domains AIS, BCR and CCC,
    • All professionals are kindly asked to consult the 'status comments' column for any pending actions on their end (AP4).

    CCMv4.0 - CISv8.0 Mapping


    3. AoB
    • Bala asked when the 2 ongoing mapping exercises are to be published. PM replied, the next update of CCMv4 (including the 2 mappings) has to be coordinated internally with CSA's marketing department (possibly date will be mid May, and at the RSA conference),
    • Next CCMv4 workshop call is scheduled on April 1st, 6 pm EEST (9 am PST/ 5 pm CET/ 12 pm EST).

    Action Points (APs)

    AP1: Audrey is kindly invited to provide her final feedback to the CCM WG's suggested updates on the 8 CCMv4 domains and their mappings to TSC 2017.
    AP2: Joel and Troin signed up for the SEF and IVS TSC 2017 mapping comparison reviews respectively and are kindly invited to kick-off their review.
    AP3: Bala and Vani are kindly invited to reply Johan's comments on proposed changes for IAM and DCS respectively (TSC 2017 mapping).
    AP4: All professionals are kindly asked to consult the 'status comments' column for any pending actions on their end (both TSC 2017 and CISv8 mappings).


    Please let me know if anything important is missed above.
    Thank you all for your attendance and support.
    Best regards,

    ------------------------------
    Eleftherios Skoutaris
    Program Manager
    Cloud Security Alliance
    ------------------------------