Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

CCM Addenda Updates for Two Additional Standards

Published 01/21/2019

CCM Addenda Updates for Two Additional Standards

By the CSA CCM Working Group

We're happy to announce the publication of the updated Cloud Controls Matrix (CCM) Addenda for the following standards:
— German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5)
ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018

These CCM addenda aim to help organizations assess and bridge compliance gaps between the CCM and other security frameworks.

The documents contain:

  • A controls mapping between the above mentioned standards and the CCM (e.g. which control(s) in CCM maps to each given control in ISO27017).
  • A gap analysis
  • Compensating controls (i.e. the actual “addendum”)

Additionally, the addendum for the German BSI C5 contains both mappings and reverse mappings.

The CSA and the CCM Working Group hope that organizations will find this document useful for their security compliance programs.

Best Regards,
CSA CCM Working Group

Share this content on your favorite social network today!