Cloud Controls Matrix

Back to discussions
Expand all | Collapse all

Auditing Guidelines dev. Team Call - April 23rd [Meeting Minutes]

  • 1.  Auditing Guidelines dev. Team Call - April 23rd [Meeting Minutes]

    Posted Apr 28, 2021 02:16:00 AM

    Hi everyone,
                        please find below the minutes from our recent call session.

    The activity is currently missing auditors to help us out on the development of auditing guidelines for the IAM and UEM domains. If someone is interested, contact the PM (Lefteris).

    Relevant documentation:
    • CCMv4.0 Auditing Guidelines worksheet (Input document)
    • CCAK extract: module 7 CCM Auditing Guidelines (supportive documentation)
    • CCAK extract: CCM Audit Workbook (supportive documentation)


    Agenda Items (AIs):

    1.Touch base on the progress status of Auditing Guidelines (AGs) development
    2. Other topics of discussion during the session
    3. AoB


    Participants (10):
    Parminder Bawa
    Angell Duran
    Sanjeev Gupta
    Damian Heal
    Jan Jacobsen
    Bilal Khattak
    Vani Murthy
    Agnidipta Sarkar
    Steve Sparkes
    Lefteris Skoutaris (PM)

     

    Meeting Minutes (MMs)

    1. Touch base on the progress status of Auditing Guidelines (AGs) development
    • Sanjeev, Parminder and Agni have completed a first draft of AGs for A&A, AIS and BCR domains,
    • A first draft of the AGs is completed for 9/17 CCMv4 domains (6/17 have also a 2nd review conducted), 
    • Jan and Bilal signed up for AGs dev. for the remainder of controls in CEK-8/10/12-21 (AP1),
    • Sanjeev offered to kick-off the development of AGs for the HRS domain. Angell offered to support with a 2nd review on the first draft (AP2)
    • Renu has started working on the LOG domain,
    • Agni signed up to work on the AGs dev. for the SEF domain (AP3),
    • Professionals participating in the exercise are kindly invited to consult the 'Progress Status' tab (column H) for any pending actions on their end (AP4),
    • Hard Deadline is set on 14/5 for delivering a first draft for all CCMv4.0 domains.

    Snapshot taken from 'progress status' tab of the AG workbook

    2. Other topics of discussion during the session
    • Sanjeev suggested that will be helpful for the AGs developers and the target audience to include definitions (CASCO) for the verbs used to specify the assessment guidelines
    • Tab 'Reference' and row 5 was updated to this respect

    3. AoB
    • Next CCMv4.0 AG dev. call is scheduled on May 7th, 5 pm EEST (7am PST / 10am EST / 4pm CET).

    Action Points (APs)

    AP1: Jan and Bilal signed up for AGs dev. for the remainder of controls in CEK-8/10/12-21
    AP2: Sanjeev offered to kick-off the development of AGs for the HRS domain. Angell offered to support with a 2nd review on the first draft
    AP3: Agni signed up to work on the AGs dev. for the SEF domain
    AP4: Professionals participating in the exercise are kindly invited to consult the 'Progress Status' tab (column H) for any pending actions on their end


    Please let me know if anything important is missed above. 
    Thank you all for your attendance and support.
    Best regards,



    ------------------------------
    Eleftherios Skoutaris
    Program Manager
    Cloud Security Alliance
    ------------------------------