The Inner Circle

Dear members,

Mappings are a useful tool for cloud organizations to identify the equivalent (overlapping) security requirements between CCM V4 and a target framework, and more importantly the missing cloud-specific CCM security requirements (deltas), especially when cloud organizations are seeking to integrating these missing requirements within their cloud security and compliance programs.

The CCM V4 is currently mapped with the following frameworks:

• AICPA TSC (2017)
• CCM v3.0.1
• CIS v8.0
• ISF SOGP 2022
• ISO/IEC 27001 (2013, 2022)
• ISO/IEC 27002 (2013, 2022)
• ISO/IEC 27017 (2015)
• ISO/IEC 27018 (2019)
• NIST 800-53r5
• PCI DSS v3.2.1

Mapping to NIST CSF v1.1 is completed and soon is to be published.
Mapping to PCI DSS V4 is in progress.

What are other frameworks the CCM WG should prioritize to map CCM V4 with, and more importantly, why?

Hello, I would say NIST CSF v2. An early release is already here to start to allow to plan: https://www.nist.gov/system/files/documents/2023/04/24/NIST%20Cybersecurity%20Framework%202.0%20Core%20Discussion%20Draft%204-2023%20final.pdf

Dear members,

Mappings are a useful tool for cloud organizations to identify the equivalent (overlapping) security requirements between CCM V4 and a target framework, and more importantly the missing cloud-specific CCM security requirements (deltas), especially when cloud organizations are seeking to integrating these missing requirements within their cloud security and compliance programs.

The CCM V4 is currently mapped with the following frameworks:

• AICPA TSC (2017)
• CCM v3.0.1
• CIS v8.0
• ISF SOGP 2022
• ISO/IEC 27001 (2013, 2022)
• ISO/IEC 27002 (2013, 2022)
• ISO/IEC 27017 (2015)
• ISO/IEC 27018 (2019)
• NIST 800-53r5
• PCI DSS v3.2.1

Mapping to NIST CSF v1.1 is completed and soon is to be published.
Mapping to PCI DSS V4 is in progress.

What are other frameworks the CCM WG should prioritize to map CCM V4 with, and more importantly, why?

Thank you Louise.
CSA has provided useful input to the NIST CSF team with regards to possible improvements for CSF v2.0 and the making of a cloud Profile for CSFv1.1 based on the mapping that was jointly conducted.
We are certainly interested in mapping CCM V4 to CSF v2.0. when a final version is published.
Best regards,
Lefteris

Hello, I would say NIST CSF v2. An early release is already here to start to allow to plan: https://www.nist.gov/system/files/documents/2023/04/24/NIST%20Cybersecurity%20Framework%202.0%20Core%20Discussion%20Draft%204-2023%20final.pdf

Dear members,

Mappings are a useful tool for cloud organizations to identify the equivalent (overlapping) security requirements between CCM V4 and a target framework, and more importantly the missing cloud-specific CCM security requirements (deltas), especially when cloud organizations are seeking to integrating these missing requirements within their cloud security and compliance programs.

The CCM V4 is currently mapped with the following frameworks:

• AICPA TSC (2017)
• CCM v3.0.1
• CIS v8.0
• ISF SOGP 2022
• ISO/IEC 27001 (2013, 2022)
• ISO/IEC 27002 (2013, 2022)
• ISO/IEC 27017 (2015)
• ISO/IEC 27018 (2019)
• NIST 800-53r5
• PCI DSS v3.2.1

Mapping to NIST CSF v1.1 is completed and soon is to be published.
Mapping to PCI DSS V4 is in progress.

What are other frameworks the CCM WG should prioritize to map CCM V4 with, and more importantly, why?

Dear members,

Mappings are a useful tool for cloud organizations to identify the equivalent (overlapping) security requirements between CCM V4 and a target framework, and more importantly the missing cloud-specific CCM security requirements (deltas), especially when cloud organizations are seeking to integrating these missing requirements within their cloud security and compliance programs.

The CCM V4 is currently mapped with the following frameworks:

• AICPA TSC (2017)
• CCM v3.0.1
• CIS v8.0
• ISF SOGP 2022
• ISO/IEC 27001 (2013, 2022)
• ISO/IEC 27002 (2013, 2022)
• ISO/IEC 27017 (2015)
• ISO/IEC 27018 (2019)
• NIST 800-53r5
• PCI DSS v3.2.1

Mapping to NIST CSF v1.1 is completed and soon is to be published.
Mapping to PCI DSS V4 is in progress.

What are other frameworks the CCM WG should prioritize to map CCM V4 with, and more importantly, why?