Delivering Continuous Compliance using CSA CCM and NIST OSCAL
Release Date: 09/19/2021
In our rapidly changing information technology portfolios, compliance, as imagined typically, does not match compliance as implemented. CSA has recently released the Cloud Controls Matrix (CCM) v4, providing guidance on which security controls should be implemented by which actor within a cloud supply chain, replete with mappings to multiple industry standards and frameworks. NIST has also recently released version 1.0 of the Open Security Controls Assessment Language (OSCAL), providing a standardized format to automate control-based assessments expressible in both human and machine-readable formats. In this session, we will discuss these new releases and how you can couple CSA’s CCM, NIST OSCAL and a free tool to build and deliver continuously compliant artifacts. Additionally, we will demonstrate how you can use the same assessment information to comply with multiple standards simultaneously, delivering significant time and financial savings.