Cloud Controls Matrix

Back to discussions
Expand all | Collapse all

CCMv4 Workshop Session - February 25th [Meeting Minutes]

  • 1.  CCMv4 Workshop Session - February 25th [Meeting Minutes]

    Posted Mar 02, 2021 05:09:00 AM

    Hi everyone,
                        please find below the minutes from our recent workshop session on 25/02 (with a couple of updates included since then).

    Agenda Items (AIs)

    1. Touch base on the progress status of the 3 mappings, Implementation Guidelines development and their update
    2. Kick-off the CCMv4.0 Controls Applicability Matrix development and applicability mapping of 14 new CCMv4 controls
    3. Visit PM consistency checks for the CCMv4.0 - CCMv3.0.1 mapping and pending comments resolution
    4. AoB

     

    Participants (14):

    Renu Bedi
    Madhav Chablani
    Brian Dorsey
    Angell Duran
    Roberto Hernandez
    Erik Johnson
    Bala Kaundinya
    Giovanni Massard
    Claus Matzke
    Vani Murthy
    Johan Olivier
    Michael Roza
    Lefteris Skoutaris (PM)
    Ashish Vashishtha

    Meeting Minutes (MMs)

    1. Touch base on the progress status of the 3 mappings, Implementation Guidelines development and their update
    • The objective of the 'update' exercises is to adapt the mappings/CAM to the changes that were introduced with the release of CCMv4.0 final and develop implementation guidelines for the 14 new controls that were also introduced.

    CCMv4.0 - CCMv3.0.1 Mapping Update
    • Deadline has expired and extended to March 5th,
    • 16/17 domains have been updated based on CCMv4.0 final, 1 domains remains that is 'In good progress' (both reviewers are currently consolidating their comments into a final result),
    • Johan & Rajeev are meeting today to finalize it (2/3).

    CCMv4.0 - TSC 2017 Mapping Update
    • Deadline is set for March 4th (which is to be extended to hard deadline of March 10th),
    • 13/17 domains delivered, remaining 2 are 'In progress' and 2 'In good progress',
    • Professionals are kindly invited to visit the mapping tool and consult the pending actions under column 'H' (AP1),
    • All professionals participating in the exercise have been contacted.

    CCMv4.0 – ISO27001/02/17/18 Mapping Update
    • Deadline is set for March 10th,
    • 2/17 domains have been checked and updated, remaining updates for the rest of the domains are pending,
    • Professionals are kindly invited to visit the mapping tool and consult the pending actions under column 'H' (AP1),
    • All professionals participating in the exercise have been contacted.

    CCMv4.0 Implementation Guidelines (Final Draft)

    • Work is complete, congratulations and many thanks to the team for delivering the CCMv4.0 IG final draft version,
    • The next step to the IG is to place it under open peer review by the wider CSA community and partners, expected to be published online on March 15th,
    • Special thanks to Vani Murthy for her great contribution for developing the IG of the 9 total new controls of the IAM domain and 1 control per UEM and IVS, as introduced with V4 final.

    2. Kick-off the CCMv4.0 Controls Applicability Matrix development and applicability mapping of 14 new CCMv4 control
    • The development of the CAM for the total of 14 new controls introduced with V4 final was kicked-off (see snapshot below),
    • CCM leadership & co-chairs have scheduled a meeting on 4/3 to discuss next steps and evolution of the CAM for CCMv4.0.
    • Professionals are kindly invited to visit the mapping tool and consult the pending actions under column 'I' (AP1),
    • Deadline is set for March 12th.

    3. Visit PM consistency checks for the CCMv4.0 - CCMv3.0.1 mapping and pending comments resolution
    • PM conducted consistency checks in collaboration with the corresponding professionals for the domains CEK, IPY and BCR, which are final and ready for publication,
    • PM will carry on consistency checks for the domains: STA, SEF, A&A and DCS (AP2).

    4. AoB
    •  Next CCMv4 workshop call is scheduled on March 4th, 6 pm EEST (8 am PST/ 5 pm CET/ 11 am EST),

    Action Points (APs)
    AP1: Professionals are kindly invited to consult column 'H' under 'Progress Status' tab for pending actions per each ongoing activity (AI-1,2,3).
    AP2: PM will carry on consistency checks for the domains: STA, SEF, A&A and DCS.


    Please let me know if anything important is missed above. 
    Thank you all for your attendance and support.
    Best regards,

    Lefteris
    CCM WG PM



      CCMv4.0 - CCMv3.0.1 Mapping Update - Progress Status Snapshot

      CCMv4.0 - TSC 2017 Mapping Update - Progress Status Snapshot

      CCMv4.0 - ISO27001/02/17/18 Mapping Update - Progress Status Snapshot


      CCMv4.0 IG Development - Progress Status Snapshot


      CCMv4.0 Controls Applicability Matrix Update - Progress Status Snapshot


      ------------------------------
      Eleftherios Skoutaris
      Program Manager
      Cloud Security Alliance
      ------------------------------