Cloud Controls Matrix

Back to discussions
Expand all | Collapse all

CSA - ECUC Partnership and Call for Experts (Financial Sector - Mapping Project)

  • 1.  CSA - ECUC Partnership and Call for Experts (Financial Sector - Mapping Project)

    Posted Nov 06, 2023 08:21:00 AM

    Dear members,

    This is a call for participation in a mapping review activity between CCM V4 and ECUC Position Paper v2.1.
    The objective to methodically work and validate ECUC's provided input (Mapping) to the CSA and the CCM WG.

    Background info.
    CSA has recently partnered with the European Cloud User Coalition (ECUC) group in the Financial Sector with the objective of aiding financial institutions in satisfying the requirements of adopting cloud computing technologies.

    The ECUC members are standardizing their approach to CSP assessment based on CCM V4. Their objective is to develop a joint position for the use by its members of public cloud technology provided by EU and non-EU cloud service providers (CSPs). In this context, ECUC published a paper (see ECUC PPv2.1 link above) recommending, among other matters, the adoption of "model clauses" for the long-term compliant use of cloud technologies.

    In this regard, CSA and CCM WG are interested in investigating the means of alignment between CCM and ECUC Framework and identify gaps in ECUC PPv2.1 that can be used towards the development of a CCM V4 Addendum for the Financial Sector.

    Collaboration Status & Project Objective.
    Just recently, ECUC delivered back to us a "forward" and "reverse" mapping between CCM V4 and the ECUC PPv2.1.
    Our task is to review both mappings and gaps listed and refine them where deemed necessary in alignment to the CCM WG mapping methodology.

    Project Duration.
    The project is expected to last from 2-3 months.
    SMEs are expected to dedicate 2-3 hrs / week.

    Call for Experts.
    The CSA, and under the umbrella of the CCM WG, would like to put together a team of experts to drive the mapping project, who satisfy all the following criteria:

    • Have good knowledge/experience in the implementation and/or assessment of CCMv4 controls.
    • Are familiar with control frameworks' mappings (knowledge of CCM WG mapping methodology is a plus
    • Are passionate about cyber/cloud security and are eager to learn new things, commit and support this project  

    Project Contact.
    Should you be interested in participating in this project, consider replying directly to this message (or contact me at [email protected]). 



    ------------------------------
    Lefteris Skoutaris
    ------------------------------