CSA CCM - CISA ZT MM Mapping and Overlay: Peer Review Intro Presentation to the CSA ZT workgroup.
Lefteris Skoutaris, the CSA lead for the Cloud Controls Matrix, provided a presentation for interested members of the CSA ZT working group on the CCM V4 - CISA ZT MM V2 Mapping and Overlay project documentation that's going into an abbreviated public peer review 12/3-17. The presentation was recorded for subsequent viewing.
Peer review announcement: CISA Zero Trust MMv2.O Overlay to CCMv4.O
Project Description: This project aims to assist organizations in various stages of their Zero Trust(ZT) implementation, particularly in the context of cloud computing and security. The focus is on aligning the Cloud Security Alliance's (CSA) Cloud Controls Matrix (CCM) v4.O with the Zero Trust Maturity Model (ZTMM) v2.0developed by the Cybersecurity and Infrastructure Security Agency (CISA). By mapping relevant CCM controls to the CISA ZTMM this project illustrates the controls' relationship with ZT Pillars and cross-cutting capabilities, offering guidance on how each control can support organizations in progressing through the ZT maturity model.
The overarching goal is to anchor ZT implementation and operationalization efforts with well-established cloud security controls, facilitating governance, risk management, and compliance (GRC) in a Zero Trust environment. This mapping and gap analysis serves as strategic tool for organizations to navigate the complexities of ZT adoption, while also highlighting any areas where CCM controls may need to be expanded or adapted to fully support ZT best practices.
Peer review link: https://cloudsecurityalliance.org/artifacts/ccm-v4-cisa-zero-trust-maturity-model-v2-0-mapping