Dear Members,
CSA and the CCM WG are interested to kick-off a new project for developing guidelines that pertain to the Shared Security Responsibility Model (SSRM) and that are to be tailored to each of the total of 197 CCMv4 control specifications.
Introduction
The Shared Security Responsibility Model (SSRM) is inherent to the use of cloud services. It is essential that cloud service customers (CSCs) are fluent in, and up to date on, how they and their cloud service providers (CSPs) share the responsibility for securing their cloud footprint.
The Cloud Controls Matrix (CCM) and existing framework of its underlying components are already SSRM-enhanced and aid CSPs and CSCs delineate their part of controls ownership and implementation responsibility. Nevertheless, a complete SSRM guidance for all controls in the CCMv4 is currently missing.
Objective
The objective of the project is to extend the CCMv4 framework by developing additional guidelines that pertain to the Shared Security Responsibility Model in order to educate cloud customers and help them better understand their security responsibilities within the shared cloud infrastructure.
AWS Support
The project will be supervised by the WG co-chairs and is to be further evaluated & enhanced by AWS that represents the project from the standpoint of the Cloud Service Provider. In that direction, CCM WG co-chair David Nickles (AWS) is working to provide the CCM WG with AWS input.
Timeline
Project is expected to kick-off on December 15th and be completed end of Q3 2023, according to the established 2022-2023 project timeline.
Industry practitioners, cloud security experts, who have a good understanding & experience on the SSRM (especially from cloud controls' implementation standpoint) and are interested in participating & contributing to this project, are kindly invited to contact me.
Note: For convenience, please consider adding your email address to your reply so that I directly invite you to our SSRM call sessions.
Best regards,
------------------------------
Eleftherios Skoutaris
Program Manager
Cloud Security Alliance
------------------------------