Today, Guncha, Igor, and John met. Igor presented his write-up in a Word document, which contains end-end implementation steps for Controls CEK-19, 21, DSP-01, CCC-01. John suggests Igor re-write and expand it into a QSS implementation guide targeting security GRC persons who are not familiar with both CSA CCM and QSS. John suggests the current work of adding QSS steps to the implementation and audit guides targets the audience who are familiar with the CCM but not familiar with QSS. As next steps, John suggests 1) merge the proposed QSS additions to the current CCM implementation and audit guides in draft (vs. the published version) and, 2) consult the WG on the next scope of review.
------------------------------
John Jiang
------------------------------
Original Message:
Sent: Mar 29, 2024 08:22:08 AM
From: John Jiang
Subject: Reviewers Wanted: QSS Governance/Security Controls Project
Today, Guncha, Igor and I met. We introduced to Guncha the changes of the document format since her last meeting with the group. We discussed the additions that Igor proposed via email on CEK-19, 21 and DSP-01 and DCS-05. Igor will put in proposed additions in Guideline columns in the spreadsheet. Addition to Controls or revision of Control Specifications are out of the scope and should be brought to the CCM WG.
------------------------------
John Jiang
Original Message:
Sent: Mar 15, 2024 09:47:43 AM
From: John Jiang
Subject: Reviewers Wanted: QSS Governance/Security Controls Project
Today, Igor, Nuno and I met. I granted Igor access to the QSS Governance folder. We decided
- The Implementation Guidelines and Audit Guidelines are what the sub-WG add or revise
- Any addition or revision to the Control Specification should be brought to the CCM WG or get CSA support.
------------------------------
John Jiang
Original Message:
Sent: Mar 13, 2024 09:41:22 AM
From: Hillary Baron
Subject: Reviewers Wanted: QSS Governance/Security Controls Project
The Governance/Security Controls subgroup is ready for review of some of their work. The QSS relevant additions and revisions are in the Implementation Guide column in the Implementation Guide sheet. Please provide your feedback via comments directly in the spreadsheet.
https://docs.google.com/spreadsheets/d/1QDcgd6gecTlusD3xf5Ns4GEpnHbVk-JP/edit#gid=1050476024
Please reach out to myself or John if you have any questions.
------------------------------
Hillary Baron
Sr Technical Director
CSA
------------------------------