Cloud Controls Matrix

CCMv4 Call, May 12th [Meeting Minutes]

    Posted May 17, 2021 07:25:00 AM
    Edited by Eleftherios Skoutaris May 25, 2021 07:29:05 AM

    Dear members,
    please find below the minutes from our recent CCM WG main and workshop call.

    Brief summary:
    The CAIQv4 development and its review have finally been completed, and the questionnaire is prepared for publication on the 7th of June. The CCMv4.0 Implementation Guidelines are currently under final peer review. The two mapping exercises have also been completed, and next steps are being discussed with CCM leadership (new mappings to pursue). The CCMv4.0 auditing guidelines development proceeds on schedule.

    Please find below the usual well-structured and detailed minutes section.

    Agenda Items (AIs):

    1. Quick update on all CCMv4.0 activities and components development (IG, CAIQ peer reviews, deadlines, next steps)
    2. CCMv4.0 mapping & gap analysis exercises to AICPA TSC 2017 and CIS v8.0 (Brief update on progress)
    3. CCMv4.0 Auditing Guidelines (AGs) development (Brief update on progress, call for auditors participation)
    4. AoB


    Participants (19):

    Mimi-Blanco Best
    John Britton
    Brian Dorsey
    Angell Duran
    Frank Jaramillo
    Joel John
    Erik Johnson
    Audrey Katcher
    Bala Kaundinya
    Tanya Luster
    Dorothy McQuilken
    Claus Matzke
    Vani Murthy
    Johan Olivier
    Thomas Sager
    Sendhu Sivakumar
    Lefteris Skoutaris (PM)
    David Sztyk
    Dimitri Vekris

     

    Meeting Minutes (MMs):

    1. Quick update on current CCMv4.0 activities and components development (IG, CAIQ peer reviews, deadlines, next steps)

    • The CAIQv4 final review is complete (Many thanks to Tony Snook and the rest of the group). CAIQv4 public release is scheduled and expected on June 7th.
    • The CCMv4.0 Implementation Guidelines final review is currently ongoing. The CCM WG is incorporating into the main body of the guidelines all the accepted changes that were received during the open peer review. Expected delivery is mid-to-end June.
    • The CCM leadership is having a meeting on the 17/5 to discuss options for picking up the pace of the IGs final review.

    2. CCMv4.0 mapping & gap analysis exercises to AICPA TSC 2017 and CIS v8.0
      • Both mappings have been completed by the WG.
      • CSA is having discussions with the AICPA group (Audrey, Dorothy and Mimi) for the final acceptance and validation of the CCMv4.0-TSC mapping, also in accordance with AICPA mapping methodology and internal procedures.
      • Thomas (CIS) has reviewed the CCMv4-CISv8 mapping and gap analysis results and provided feedback to the CCM WG teams. The feedback has been successfully consolidated, with consensus met and the mapping is delivered.
      • The team of reviewers (Renu & Dimitri) on the CCMv4 LOG domain are currently working on mapping 3 new safeguards that were introduced only recently to CISv8 (AP1).

    3. CCMv4.0 Auditing Guidelines (AGs) development (Brief update on progress, call for auditors participation)
      • AGs development is on schedule with 12/17 CCMv4 domains having a first draft of the corresponding auditing guidelines completed.
      • The development is led by auditors who are pushing for a first draft for all CCMv4 domains to be ready for peer review by the end of May.

    4. AoB
      • Please navigate to the 'Events' tab to find the call information for the upcoming CCM WG meetings.

      Action Points (APs)
      AP1: The team of reviewers (Renu & Dimitri) on the CCMv4 LOG domain are currently working on mapping 3 new safeguards that were introduced only recently to CISv8.


      Permanent Action Points (APs)
      PAP1: New members joining the CCM WG activities are kindly invited to consult the "Participation Guidelines" document (path: Library -> CCM -> New Members -> Participation Guidelines) or alternatively contact Lefteris (PM) to bring you up to speed with the CCM WG activities.


      Please let me know if anything important is missed above or if you have any questions/comments.
      Thank you all for being active and supporting the CCMv4 development.
      Best regards,



      ------------------------------
      Eleftherios Skoutaris
      Program Manager
      Cloud Security Alliance
      ------------------------------