This document is an addendum to the CCM V3.0.1 controls. It contains the
additional controls that serves to bridge the gap between CCM and the
German Federal Office for Information Security (BSI) Compliance Controls
Catalogue (C5). The document includes: • A mapping between the controls in
the mentioned standards and CCM (e.g. which control(s) in CCM maps to each
given control in the C5). • A gap analysis • Compensating controls (i.e.
the actual “addendum”). The purpose of the document is to help
organisations assess and bridge compliance gaps between these standards.
The document is structured as follows: Columns A-B-C contain details of the
C5 standard, Column D provides the gap identification, Column E contains
the controls mapping, Column F provides the gap analysis details and
finally the Column G provides the compensating controls. The CSA and the
CCM working group hope that organizations will find this document useful
for their cloud security compliance programs. The contents of this document
could contain technical inaccuracies, typographical errors and out-of-date
information. This work was partly funded by the EU H2020 project EU-SEC
under the Grant No. 731845.