Dear members,
please find below the joint minutes from our recent workshop call.
Brief summary:
- The CCM WG is currently working on developing the 'introduction' section of the CCMv4.0 Implementation Guidelines documentation.
- Members of the community are kindly invited to contribute to the sub-/sections of the document. The document is scheduled for release during the CSA Sectember event mid September.
- The CCMv4 - PCI DSS v3.2.1 mapping and gap analysis is progressing well, with 12/17 domain mappings completed.
- In need of a 2nd reviewer on the IVS and LOG domain mappings to PCI-DSS.
Please find below the usual well-structured and detailed minutes section.
Agenda Items (AIs):
- CCMv4.0 Implementation Guidelines development
- Mapping & gap analysis exercises
- AoB
Participants (10):
Geoff Bird
John Britton
Madhav Chablani
Angell Duran
Frank Jaramillo
Joel John
Erik Johnson
Claus Matzke
Johan Olivier
Lefteris Skoutaris (PM)
Meeting Minutes (MMs):
1. CCMv4.0 Implementation Guidelines development
- The main content of implementation guidelines per each of the 17 CCMv4 cloud security domains is final and currently undergoing a copyediting process,
- The group is working on the introduction section of the same document (exec. summary, introduction, glossary, etc.),
- A great team of professionals, consisting of: Geoff Bird, Madhav Chablani, Angell Duran, Joel John, Erik Johnson, Bala Kaundinya, Claus Matzke, Johan Olivier, Michael Roza, are developing the introduction section of the document and providing a description for each CCM domain and its usefulness to cloud organizations,
- The implementation guidelines are to be published both in document form and in the CCMv4.0 excel sheet as an additional tab,
- PM is encoding the guidelines into YAML format for more efficient versioning and error control.
2. Mapping & gap analysis exercises (Update on activities)
- CSA has kicked off a new mapping activity of CCMv4.0 and PCI DSSv3.2.1; the hard deadline is set for 15/8,
- The mapping on 12/17 CCM domains has been successfully completed (incl. a 2nd review),
- Johan has consolidated all comments provided by Angell on the 2nd validation review for the mapping of HRS,
- Geoff has successfully validated all mappings done by Michael on CES,
- Tanya had to step down on the 2nd review of IVS and LOG, need a 2nd reviewer to carry on these reviews,
- Renu and Joel conducted 2nd review on STA and TVM respectively,
- Professionals are kindly invited to visit the 'Status Description' tab of the mapping tool for any pending actions on their end (AP1).
Snapshot of 'CCMv4-PCI DSSv3.2.1' tool's progress tab
3. AoB
- Please navigate to the 'Events' tab to find the call information for the upcoming CCM WG meetings.
- CSA will announce soon the kick-off activity for the mapping of CCMv4 to NIST 800-53 rev4/5, possibly at next week's main CCMv4 call (plus in Circle)
Action Points (APs)
AP1: Professionals are kindly invited to visit the 'Status Description' tab of the CCMv4 - PCI DSSv3.2.1 mapping tool for any pending actions on their end.
Please let me know if anything important is missed above or if you have any questions/comments.
Thank you all for being active and supporting us.
Best regards,
------------------------------
Eleftherios Skoutaris
Program Manager
Cloud Security Alliance
------------------------------