Dear members,

Mappings are a useful tool for cloud organizations to identify the equivalent (overlapping) security requirements between CCM V4 and a target framework, and more importantly the missing cloud-specific CCM security requirements (deltas), especially when cloud organizations are seeking to integrate these missing requirements within their cloud security and compliance programs.
The CCM V4 is currently mapped with the following frameworks:
Mapping to NIST CSF v1.1 is completed and is soon to be published. Mapping to PCI DSS V4 is in progress.
What are other frameworks the CCM WG should prioritize to map CCM V4 with, and more importantly, why?
How about the FedRAMP (Moderate or High?) version of the NIST 800-53 controls and baseline? Which NIST baseline did we use to determine the control set for the 800-53 V5 mapping - Low, Moderate, High?
Hi Erik,

Thank you for your reply. FedRAMP is a framework the CCM WG & leadership team should definitely consider mapping to CCM V4. Whether or not it is finally selected depends on various factors (e.g., in terms of prioritization, leadership support). The High Impact control set of 800-53r5 is currently mapped to CCM V4.