Dear members,
please find below the minutes from our recent CCM WG main and workshop call.
Brief summary:
The CAIQv4 development and its review have been finally completed and the questionnaire is prepared for publication on the 7th of June. The CCMv4.0 Implementation Guidelines are currently placed under final peer review. The two mappings exercises have been also completed and discussing next steps with CCM leadership (new mappings to pursue). The CCMv4.0 auditing guidelines development proceeds on schedule.
Please find below the usual well-structured and detailed minutes section.
Agenda Items (AIs):
- Quick update on all CCMv4.0 activities and components development (IG, CAIQ peer reviews, deadlines, next steps)
- CCMv4.0 mapping & gap analysis exercises to AICPA TSC 2017 and CIS v8.0 (Brief update on progress)
- CCMv4.0 Auditing Guidelines (AGs) development (Brief update on progress, call for auditors participation)
- AoB
Participants (19):
Mimi-Blanco Best
John Britton
Brian Dorsey
Angell Duran
Frank Jaramillo
Joel John
Erik Johnson
Audrey Katcher
Bala Kaundinya
Tanya Luster
Dorothy McQuilken
Claus Matzke
Vani Murthy
Johan Olivier
Thomas Sager
Sendhu Sivakumar
Lefteris Skoutaris (PM)
David Sztyk
Dimitri Vekris
Meeting Minutes (MMs):
1. Quick update on current CCMv4.0 activities and components development (IG, CAIQ peer reviews, deadlines, next steps)
- The CAIQv4 final review is complete (Many thanks to Tony Snook and the rest of the group). CAIQv4 public release is scheduled and expected on June 7th.
- The CCMv4.0 Implementation Guidelines final review is currently ongoing. The CCM WG is incorporating into the main body of the guidelines all the accepted changes that were received during the open peer review. Expected delivery is mid-to-end June.
- The CCM leadership is having a meeting on the 17/5 to discuss options for picking up the pace of the IGs final review.
2. CCMv4.0 mapping & gap analysis exercises to AICPA TSC 2017 and CIS v8.0
- Both mappings have been completed by the WG.
- CSA is having discussions with the AICPA group (Audrey, Dorothy and Mimi) for the final acceptance and validation of the CCMv4.0-TSC mapping, also in accordance to AICPA mapping methodology and internal procedures,
- Thomas (CIS) has reviewed the CCMv4-CISv8 mapping and gap analysis results and provided feedback to the CCM WG teams. The feedback has been successfully consolidated, with consensus met and the mapping is delivered.
- The team of reviewers (Renu & Dimitri) on the CCMv4 LOG domain are currently working on mapping 3 new safeguards that were introduced only recently to CISv8 (AP1).
3. CCMv4.0 Auditing Guidelines (AGs) development (Brief update on progress, call for auditors participation)
- AGs development is on schedule with 12/17 CCMv4 domains having a first draft of the corresponding auditing guidelines completed.
- The development is led by auditors who are pushing for a first draft for all CCMv4 domains to be ready for peer review by the end of May.
4. AoB
- Please navigate to the 'Events' tab to find the call information for the upcoming CCM WG meetings.
Action Points (APs)
AP1: The team of reviewers (Renu & Dimitri) on the CCMv4 LOG domain are currently working on mapping 3 new safeguards that were introduced only recently to CISv8.
Permanent Action Points (APs)
PAP1: New members joining the CCM WG activities are kindly invited to consult the "Participation Guidelines" document (path: Library -> CCM -> New Members -> Participation Guidelines) or alternatively contact Lefteris (PM) to bring you up to speed with the CCM WG activities.
Please let me know if anything important is missed above or if you have any questions/comments.
Thank you all for your being active and supporting the CCMV4 development.
Best regards,
------------------------------
Eleftherios Skoutaris
Program Manager
Cloud Security Alliance
------------------------------