Hi everyone,
please find below the minutes from our recent workshop session on 4/3 (with a couple of updates included since then).
Agenda Items (AIs)
- Touch base on the progress status of the 5 CCMv4.0 development activities (3 mappings, Implementation Guidelines, Controls Applicability Matrix)
- Audrey Katcher from the AICPA group to provide an overview on her team's mapping version for the CCMv4.0-TSC2017 mapping
- Visit PM consistency checks for the CCMv4.0 - CCMv3.0.1 mapping and pending comments resolution
- AoB
Participants (18):
Renu Bedi
John Britton
Madhav Chablani
Brian Dorsey
Angell Duran
Roberto Hernandez
John Joel
Erik Johnson
Audrey Katcher
Bala Kaundinya
Claus Matzke
Vani Murthy
Johan Olivier
Chinmoy Rajpal
Michael Roza
Chirag Sheth
Lefteris Skoutaris (PM)
Dimitri Vekris
Meeting Minutes (MMs)
1. Touch base on the progress status of the 5 CCMv4.0 development activities (3 mappings, Implementation Guidelines, Controls Applicability Matrix)
- The objective of the 'update' exercises is to adapt the mappings/CAM to the changes that were introduced with the release of CCMv4.0 final and also to develop implementation guidelines for the 14 new controls that were also introduced.
CCMv4.0 - CCMv3.0.1 Mapping Update
- The exercise has been successfully completed!
- This mapping is expected to be published on March 15th with the CCMv4.0 final,
- Would like to thank all professionals participating and contributing to this activity!
CCMv4.0 - TSC 2017 Mapping Update
- Mapping delivery date is extended to March 10th with hard deadline,
- 15/17 domains delivered, remaining 2 are 'In good progress' (waiting for final inputs consolidation),
- Professionals are kindly invited to visit the mapping tool and consult the pending actions under column 'H' (AP1),
- Lefteris (PM) to prep this mapping to discuss deviations in comparison to the version that the AICPA group, Audrey Katcher, has shared (AP2).
CCMv4.0 – ISO27001/02/17/18 Mapping Update
- Mapping delivery date is extended to March 10th with hard deadline,
- 11/17 domains have been checked and updated, updates for the remaining 6 domains are pending,
- Professionals are kindly invited to visit the mapping tool and consult the pending actions under column 'H' (AP1),
CCMv4.0 Implementation Guidelines (Final Draft)
- The exercise has been successfully completed!
- This IG is expected to be published for open peer review on March 15th with the CCMv4.0 final.
- Would like to thank all professionals participating and contributing to this activity!
Controls Applicability Matrix Update
- The exercise has been successfully completed!
- This CAM is expected to be published on March 15th with the CCMv4.0 final,
- Would like to thank all professionals participating and contributing to this activity!
2. Audrey Katcher from the AICPA group will provide an overview on her team's mapping version for the CCMv4.0-TSC2017 mapping
- Audrey was invited by CSA to share her feedback on the CCMv4.0 - TSC 2017 mapping,
- Audrey has shared with the group the AICPA version of the same mapping to review and discuss possible deviations that are identified,
- The objective of the exercise is to add another layer of consistency and quality on the existing mapping from the CCM WG,
- The deadline for this activity has been extended to end of March,
- Lefteris to share with the group the updated mapping file including Audrey's input and kick off a round of reviews including 1 professional this time (AP3).
3. Visit PM consistency checks for the CCMv4.0 - CCMv3.0.1 mapping and pending comments resolution
- PM is conducting consistency checks on this mapping based on CSA and CCM WG agreed methodology,
- 11 domains have been evaluated for consistency in collaboration with the professionals participating in the exercise,
- Consistency checks on 6 more domains are currently WiP.
4. AoB
- Next CCMv4 workshop call is scheduled on March 11th, 6 pm EEST (8 am PST/ 5 pm CET/ 11 am EST).
Action Points (APs)
AP1: Professionals are kindly invited to visit the mapping tools and consult the pending actions under column 'H'.
AP2: Lefteris (PM) to prep this mapping to review & discuss deviations in comparison to the version that the AICPA group, and Audrey Katcher, have shared.
AP3: Lefteris (PM) to share with the group at the next meeting the updated mapping file, including Audrey's input, and kick off a round of reviews (engaging 1 professional per domain mapping).
Please let me know if anything important is missed above.
Thank you all for your attendance and support.
Best regards,
Lefteris
CCM WG PM
CCMv4.0 - CCMv3.0.1 Mapping Update - Progress Status Snapshot
CCMv4.0 - TSC 2017 Mapping Update - Progress Status Snapshot
CCMv4.0 - ISO27001/02/17/18 Mapping Update - Progress Status Snapshot
CCMv4.0 IG Development - Progress Status Snapshot
CCMv4.0 Controls Applicability Matrix Update - Progress Status Snapshot
------------------------------
Eleftherios Skoutaris
Program Manager
Cloud Security Alliance
------------------------------