Cloud Controls Matrix

CCM V4 SSRM Project – Review of SSRM Guidelines Draft (Call for cloud experts)

  • 1.  CCM V4 SSRM Project – Review of SSRM Guidelines Draft (Call for cloud experts)

    Posted May 29, 2023 07:38:00 AM
    Edited by Lefteris Skoutaris May 29, 2023 07:39:32 AM

    Dear members,

    Cloud Security Alliance (CSA) and the Cloud Controls Matrix (CCM) WG would like to invite cloud organizations and cloud security experts to participate in the review of the "Draft" version of the CCM V4 control ownership & implementation guidelines that are developed in alignment to the Cloud Shared Security Responsibility Model (SSRM).

    Purpose and Scope of CCM V4 SSRM Project
    The Shared Security Responsibility Model (SSRM) is inherent to the use of cloud services. It is essential that cloud service customers (CSCs) are fluent and current in understanding how they and their cloud service providers (CSPs) share the responsibility for securing their cloud footprint.
    The CSA, the CCM WG and our industry partners are interested in extending the CCM V4 framework and to develop SSRM implementation guidelines for all 17 security domains and the total of 197 control specifications in the CCM, in order to help cloud stakeholders delineate their security responsibilities within the shared cloud infrastructure.
    The project kicked-off in January this year, and the CCM WG only recently has delivered a first draft of the SSRM Guidelines for CCM. CSA would like to invite you to review this initial draft and share your feedback.

    Review Objective
    The objective of this review is twofold:

    1. Assess SSRM Guidelines Usefulness.
    The invitation is especially targeting Cloud organizations that are new to the cloud and are seeking for a comprehensive SSRM implementation guidance that is tailored to the CCM V4 controls, enabling them to better understand the controls semantics, the CSP and CSC responsibilities and how the controls should be implemented by each party & according to each service model (IaaS/PaaS/SaaS). Your feedback is valuable to help CSA and the CCM WG evaluate the 'practical' usefulness of the SSRM guidelines and improve them where needed during this first review phase.

    2. Assess SSRM Guidelines Correctness & Completeness.
    The invitation is also extended towards Cloud organizations with mature cloud security programs and highly experienced cloud security experts who are eager to help CSA and the CCM WG to improve the SSRM guidelines by identifying possible areas where they might be incomplete and/or incomprehensible.

    Review Period
    The review period is expected to begin on June 1st and last for a 1-1,5 months. After this period, the CCM WG is then going to collect & organize the provided feedback and with the help of experts consolidate it into an "CCM V4 SSRM guidelines" final draft version.

    About the Review
    Should you wish to participate in the review and learn more about the SSRM project, the completed drafts, the review methodology and relevant documents, please consider contacting directly the CCM WG program manager Lefteris Skoutaris ([email protected]).

    Best regards,

    Eleftherios Skoutaris
    Program Manager
    Cloud Security Alliance