The Cloud Security Alliance would like to invite you to review and comment on the Cloud Controls Matrix (CCM) addenda for the following standards:
- German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5). (Add your comments to CCM-C5.)
- ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018. (Add your comments to CCM-ISO.)
These CCM addenda aim to help organizations assess and bridge compliance gaps between the CCM and other security frameworks. The documents contain:
- a controls mapping between the above-mentioned standards and the CCM (e.g., which control(s) in CCM map to each given control in ISO27017),
- a gap analysis, and
- compensating controls (i.e. the actual “addendum”).
The CSA and the CCM Working Group hope that organizations will find this document useful for their security compliance programs.
To participate, please follow the links above to the review site. From there, you should be able to navigate to Google Sheets and provide your comments. Please do not provide editorial comments (grammar, formatting, etc.); focus instead on the content of the document.
The peer review ends on December 20, 2018. We appreciate your assistance and thank you in advance for your time and contributions.
CSA Research Team