Cloud Controls Matrix

CCMv4 Workshop Session - March 4th [Meeting Minutes]

    Posted Mar 08, 2021 04:24:00 AM

    Hi everyone,
    please find below the minutes from our recent workshop session on 4/3 (with a couple of updates included since then).


    Agenda Items (AIs)

    1. Touch base on the progress status of the 5 CCMv4.0 development activities (3 mappings, Implementation Guidelines, Controls Applicability Matrix)
    2. Audrey Katcher from the AICPA group to provide an overview on her team's mapping version for the CCMv4.0-TSC2017 mapping
    3. Visit PM consistency checks for the CCMv4.0 - CCMv3.0.1 mapping and pending comments resolution
    4. AoB

     

    Participants (18):
    Renu Bedi
    John Britton
    Madhav Chablani
    Brian Dorsey
    Angell Duran
    Roberto Hernandez
    John Joel
    Erik Johnson
    Audrey Katcher
    Bala Kaundinya
    Claus Matzke
    Vani Murthy
    Johan Olivier
    Chinmoy Rajpal
    Michael Roza
    Chirag Sheth
    Lefteris Skoutaris (PM)
    Dimitri Vekris

     

    Meeting Minutes (MMs)

    1. Touch base on the progress status of the 5 CCMv4.0 development activities (3 mappings, Implementation Guidelines, Controls Applicability Matrix)

    • The objective of the 'update' exercises is to adapt the mappings/CAM to the changes that were introduced with the release of CCMv4.0 final and also to develop implementation guidelines for the 14 new controls that were also introduced.


    CCMv4.0 - CCMv3.0.1 Mapping Update

    • The exercise has been successfully completed!
    • This mapping is expected to be published on March 15th with the CCMv4.0 final,
    • Would like to thank all professionals participating and contributing to this activity!


    CCMv4.0 - TSC 2017 Mapping Update

    • Mapping delivery date is extended to March 10th with hard deadline,
    • 15/17 domains delivered, remaining 2 are 'In good progress' (waiting for final inputs consolidation),
    • Professionals are kindly invited to visit the mapping tool and consult the pending actions under column 'H' (AP1),
    • Lefteris (PM) to prep this mapping to discuss deviations in comparison to the version that the AICPA group, Audrey Katcher, has shared (AP2).


    CCMv4.0 – ISO27001/02/17/18 Mapping Update

    • Mapping delivery date is extended to March 10th with hard deadline,
    • 11/17 domains have been checked and updated, remaining updates for the remaining 6 domains are pending,
    • Professionals are kindly invited to visit the mapping tool and consult the pending actions under column 'H' (AP1).

    CCMv4.0 Implementation Guidelines (Final Draft)

    • The exercise has been successfully completed!
    • This IG is expected to be published for open peer review on March 15th with the CCMv4.0 final.
    • Would like to thank all professionals participating and contributing to this activity!


    Controls Applicability Matrix Update

    • The exercise has been successfully completed!
    • This CAM is expected to be published on March 15th with the CCMv4.0 final,
    • Would like to thank all professionals participating and contributing to this activity!

    2. Audrey Katcher from the AICPA group will provide an overview on her team's mapping version for the CCMv4.0-TSC2017 mapping

    • Audrey was invited by CSA to share her feedback on the CCMv4.0 - TSC 2017 mapping,
    • Audrey has shared with the group the AICPA version of the same mapping to review and discuss possible deviations that are identified,
    • The objective of the exercise is to add another layer of consistency and quality on the existing mapping from the CCM WG,
    • The deadline for this activity has been extended to end of March,
    • Lefteris to share with the group the updated mapping file including Audrey's input and kick-off a round of reviews including 1 professional this time (AP3).

    3. Visit PM consistency checks for the CCMv4.0 - CCMv3.0.1 mapping and pending comments resolution

    • PM is conducting consistency checks on this mapping based on CSA and CCM WG agreed methodology,
    • 11 domains have been evaluated for consistency in collaboration with the professionals participating in the exercise,
    • Consistency checks on 6 more domains are currently WiP.

    4. AoB

    • Next CCMv4 workshop call is scheduled on March 11th, 6 pm EEST (8 am PST/ 5 pm CET/ 11 am EST).

    Action Points (APs)
    AP1: Professionals are kindly invited to visit the mapping tools and consult the pending actions under column 'H'.
    AP2: Lefteris (PM) to prep this mapping to review & discuss deviations in comparison to the version that the AICPA group, and Audrey Katcher, have shared.
    AP3: Lefteris (PM) to share with the group at the next meeting the updated mapping file, including Audrey's input and kick-off a round of reviews (engaging 1 professional per domain mapping).

    Please let me know if anything important is missed above. 
    Thank you all for your attendance and support.
    Best regards,

    Lefteris
    CCM WG PM



    CCMv4.0 - CCMv3.0.1 Mapping Update - Progress Status Snapshot


    CCMv4.0 - TSC 2017 Mapping Update - Progress Status Snapshot


    CCMv4.0 - ISO27001/02/17/18 Mapping Update - Progress Status Snapshot

    CCMv4.0 IG Development - Progress Status Snapshot

    CCMv4.0 Controls Applicability Matrix Update - Progress Status Snapshot


    ------------------------------
    Eleftherios Skoutaris
    Program Manager
    Cloud Security Alliance
    ------------------------------