Dear members,
CSA and the CCM WG would like to embark on a new project that involves a mapping and gap analysis between the CCM v4.0 and the new version of
ISO/IEC 27002:2022, recently published.
As you might already know CSA's STAR program and
STAR level 2 Certification combines the best of two worlds, ISO/IEC 27001:2013 and CCMv4.0. O
rganizations that wish to migrate to the cloud are able to build cloud security requirements on top of ISO27001 and meet also compliance to CCM.The objective of the project is the requirements comparison of the 2 frameworks. In this way an opportunity is provided for organizations to identify the equivalent security requirements between the two, and more importantly the missing cloud-specific CCM security requirements in ISO/IEC 27001/02, especially when seeking to integrating these with their cloud security and compliance programs.
In this respect, CSA, and under the umbrella of the CCM WG, would like to put together a team of experts, who have good experience in the implementation/assessment of ISO27001/02 and/or CCMv4 security controls. Should you be interested in participating in the project, please contact me and I will walk you through the on-boarding process and mapping methodology.
Best regards,
------------------------------
Eleftherios Skoutaris
Program Manager
Cloud Security Alliance
------------------------------