By the CSA CCM Working Group
We’re happy to announce the publication of the updated Cloud Controls Matrix (CCM) Addenda for the following standards:
— German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5)
— ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018
These CCM addenda aim to help organizations assess and bridge compliance gaps between the CCM and other security frameworks.
The documents contain:
- A controls mapping between the above mentioned standards and the CCM (e.g. which control(s) in CCM maps to each given control in ISO27017).
- A gap analysis
- Compensating controls (i.e. the actual “addendum”)
Additionally, the addendum for the German BSI C5 contains both mappings and reverse mappings.
The CSA and the CCM Working Group hope that organizations will find this document useful for their security compliance programs.
CSA CCM Working Group