CCM Addenda Updates for Two Additional Standards

By the CSA CCM Working Group


Dear Colleagues,

We’re happy to announce the publication of the updated Cloud Controls Matrix (CCM) Addenda for the following standards:
— German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5) 
ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018

These CCM addenda aim to help organizations assess and bridge compliance gaps between the CCM and other security frameworks. 

The documents contain:  

  • A controls mapping between the above mentioned standards and the CCM (e.g. which control(s) in CCM maps to each given control in ISO27017).
  • A gap analysis
  • Compensating controls (i.e. the actual “addendum”)

Additionally, the addendum for the German BSI C5 contains both mappings and reverse mappings.

The CSA and the CCM Working Group hope that organizations will find this document useful for their security compliance programs. 

Best Regards,
CSA CCM Working Group

1 thought on “CCM Addenda Updates for Two Additional Standards

  1. Are there plans to update the CCM to incorporate the new GDPR requirements/regulations as well as NYDFS in the US?

Leave a Reply

The name and email fields are solely used to comment on posts. Cloud Security Alliance does no further processing of this data. See Section 3 of the CSA Privacy Policy for details.



Share this content on your favorite Social Network.