Hi - I am interested to participate in this. I have been doing mapping / cross walks over 7 years.
Original Message:
Sent: Jan 12, 2024 07:20:16 AM
From: Leo Magallon
Subject: Mapping the CCM V4 to Draft NIST CSF v2.0. - Call for Participation
Thanks for the info @Lefteris Skoutaris . I found a Cloud Controls Matrix group that appears to be a private community and a CCM User Group. I am a member of the CCM User Group. Is that the right group?
------------------------------
Leo Magallon
Regional Principal Security Consultant
Trace3
Original Message:
Sent: Jan 11, 2024 09:11:32 AM
From: Lefteris Skoutaris
Subject: Mapping the CCM V4 to Draft NIST CSF v2.0. - Call for Participation
Thank you all for your interest.
Please consider joining the CCM WG calls to discuss further the means of your contribution to the project, or other CCM WG activities.
The mapping has kicked-off and it is in progress.
------------------------------
[Lefteris] [Skoutaris]
[Cloud Controls Matrix, Program Manager]
[Cloud Security Alliance]
Original Message:
Sent: Jan 01, 2024 07:25:28 AM
From: Nilesh Roy
Subject: Mapping the CCM V4 to Draft NIST CSF v2.0. - Call for Participation
Hello and Good Evening Lefteris,
If the opportunity is still available, I would be interested!!
Regards,
Nilesh Roy | +919820094678 | [email protected]
------------------------------
Nilesh Roy Vice President - Technology at SM Networks & S
Vice President - Technology
SM Networks and Solutions Pvt. Ltd.
Mumbai
Original Message:
Sent: Dec 14, 2023 05:19:09 AM
From: Lefteris Skoutaris
Subject: Mapping the CCM V4 to Draft NIST CSF v2.0. - Call for Participation
Dear members,
CCM WG and leadership is interested in pursuing a mapping of CCM V4 to the NIST CSF v2.0 Draft.
Introduction:
This new mapping project involves a mapping and gap analysis and it is expected to kick-off during the CCM WG call next Wednesday, Dec. 20th.
This mapping project follows a previous collaboration that CSA had with NIST with the mapping of CCM to CSF v1.1., that resulted in useful feedback to NIST of cloud security deltas to be included in CSF v2.0. The CCM - NIST CSF v1.1 mapping is published within the current version of CCM V4.0. (see Scope Applicability (Mappings) tab).
The objective of the project is the requirements comparison of the two frameworks. In this way an opportunity is provided for cloud organizations to identify the equivalent (overlapping) security requirements between the two, and more importantly the missing (deltas) cloud-specific CCM V4 security requirements in NIST CSF V2, especially when seeking to integrate these with their cloud security and compliance programs.
In this respect, CSA, and under the umbrella of the CCM WG, would like to put together a team of experts, who have good experience in the implementation/assessment of NIST CSF and/or CCMv4 framework's security controls.
While the CSF v2.0 is not yet at a final version, it is expected that there are not going to be any major changes introduced until its release in early 2024.
CCM WG meetings cadence:
CCM WG has 2 call sessions, one is weekly, the other biweekly. Experts are needed to attend at least our biweekly calls to align to the CCM WG mapping methodology and touch base on progress.
Project duration:
The overall project duration is expected to be approx. 3-4 months.
Should you be interested in participating in the project, please reply back to this thread or message my inbox. Please also consider joining our next week's call.
Feel free to reach out in case you have any questions.
Best regards,
------------------------------
Lefteris Skoutaris
Cloud Controls Matrix, Program Manager
Cloud Security Alliance
------------------------------