Cloud Controls Matrix

Back to discussions
Expand all | Collapse all

Auditing Guidelines dev. Team Call - May 21st [Meeting Minutes]

  • 1.  Auditing Guidelines dev. Team Call - May 21st [Meeting Minutes]

    Posted May 25, 2021 02:45:00 AM

    Hi everyone,
                        please find below a status update for the CCM AGs dev. exercise and the minutes from our recent call session.

    The activity is currently missing an auditor to help us out on the development of auditing guidelines for the IAM domain ( contact the PM (Lefteris), if interested).

    Relevant documentation:
    • CCMv4.0 Auditing Guidelines worksheet (Input document)
    • CCAK extract: module 7 CCM Auditing Guidelines (supportive documentation)
    • CCAK extract: CCM Audit Workbook (supportive documentation)


    Agenda Items (AIs):

    1. Touch base on the progress status of Auditing Guidelines (AGs) development
    2. AoB


    Participants (8):
    Parminder Bawa
    Sanjeev Gupta
    Jan Jacobsen
    Bilal Khattak
    Vani Murthy
    Johan Olivier
    Agnidipta Sarkar
    Lefteris Skoutaris (PM)

     

    Meeting Minutes (MMs)

    1. Touch base on the progress status of Auditing Guidelines (AGs) development
    • Teams have been doing a great job and already drafted AGs for a total of 16/17 CCMv4.0 domains (with AGs in 4 domains -BCR, CEK, IAM, SEF- pending a 2nd review),
    • Damian, Jan and Bilal have completed the AGs for the CEK domain,
    • Sanjeev reviewed the progress on IAM and confirmed alignment to the rest of the works,
    • Tanya has drafted the AGs for the IAM domain,
    • Waiting for Renu and Ashish on STA,
    • Professionals participating in the exercise are kindly invited to consult the 'Progress Status' tab (column H) for any pending actions on their end (AP1),
    • Hard Deadline is set on 31/5 for delivering a first draft of auditing guidelines for all CCMv4.0 domains.

    Snapshot taken from 'progress status' tab of the AG workbook

    2. AoB

    • Next CCMv4.0 AG dev. call is scheduled on May 28th, 5 pm EEST (7am PST / 10am EST / 4pm CET).

    Action Points (APs)

    AP1: Professionals participating in the exercise are kindly invited to consult the 'Progress Status' tab (column H) for any pending actions on their end.



    Please let me know if anything important is missed above. 
    Thank you all for your attendance and support.
    Best regards,

    ------------------------------
    Eleftherios Skoutaris
    Program Manager
    Cloud Security Alliance
    ------------------------------