Cloud 101CircleEventsBlog
The CCSK v5 and Security Guidance v5 are now available!

Download Publication

Enterprise Architecture v2 to CCM v3.01 Mapping Guide
Enterprise Architecture v2 to CCM v3.01 Mapping Guide

Enterprise Architecture v2 to CCM v3.01 Mapping Guide

Release Date: 05/18/2021

The Enterprise Architecture (EA) is the CSA’s standard cloud reference architecture, while the Cloud Controls Matrix (CCM) is the CSA’s standard control set. By applying the CCM controls, an organization ensures that the EA is operating securely. However, until now, the link between the EA and CCM has never been demonstrated. The EA v2 to CCM v3.0.1 Mapping relates the Enterprise Architecture 2.0 and Cloud Controls Matrix 3.0.1, showing how they can be used together to secure an enterprise architecture.

This document by CSA’s EA Working Group serves as an overview and explanation of the EA to CCM Mapping. We first define the CSA EA and CSA CCM, then demonstrate through example how the mapping was accomplished. After this, the mapping results are provided and explained in a summary. Click here to access the Enterprise Architecture v2 to CCM v3.01 Mapping itself.

For a full explanation of CSA’s Enterprise Architecture, including a description of each domain and its components, refer to the Enterprise Architecture v2 Reference Guide. For quick reference and a visual representation, refer to the Enterprise Architecture Reference Diagram.

Key Takeaways:
  • An overview of CSA’s EA and CCM
  • An example of how an EA component was mapped to the relevant CCM controls
  • Statistics from the mapping, including the mapping universe, the count of the CCM controls that relate to each EA component, and the percentage of the controls identified as relating to each component
Who It’s For:
  • Cybersecurity architects
  • Cloud engineers
  • Cloud security professionals
  • Compliance professionals
Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
Related resources
Enterprise Authority To Operate (EATO) Controls Framework
Enterprise Authority To Operate (EATO) Controls...
CCM v4.0 Implementation Guidelines
CCM v4.0 Implementation Guidelines
Cloud Controls Matrix and CAIQ v4
Cloud Controls Matrix and CAIQ v4
New Cloud Security Guidance from CSA
New Cloud Security Guidance from CSA
Published: 07/17/2024
Data Breach Accountability: Who’s to Blame?
Data Breach Accountability: Who’s to Blame?
Published: 07/16/2024
The Cybersecurity Tower of Babel Requires Focus on Business Fundamentals: Part 1
The Cybersecurity Tower of Babel Requires Focus on Business Fundame...
Published: 07/11/2024
How CSA Corporate Membership Enhances Your STAR Submission
How CSA Corporate Membership Enhances Your STAR Submission
Published: 07/09/2024

Acknowledgements

Michael Roza
Michael Roza
Risk, Control and Compliance Professional at EVC

Michael Roza

Risk, Control and Compliance Professional at EVC

Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

Read more

Jon-Michael Brook
Jon-Michael Brook

Jon-Michael Brook

Jon-Michael C. Brook is a certified, 25-year practitioner of cybersecurity, cloud, and privacy. He is the principal contributor to certification sites for privacy and cloud security, and has published books on privacy. Jon-Michael received numerous awards and recognition during his time with Raytheon, Northrop Grumman, Symantec, and Starbucks. He holds patents and trade secrets in intrusion detection, GUI design, and semantic data redaction...

Read more

Ashish Vashishtha
Ashish Vashishtha
Security Compliance Leader

Ashish Vashishtha

Security Compliance Leader

Analytical, results-oriented IS/IT Audit, Governance, Risk, and Compliance (GRC) leader over 19 years of experience managing enterprise-wide IT/IS security risk approach for large healthcare and IT services organizations. Passionate design thinker with an ability to harness innovation by facilitating collaboration to develop enterprise-wide security risk assessments (onsite as well as remote) for high-risk Third-Parties leveraging NIST 800-...

Read more

Renu Bedi
Renu Bedi
Manager-IT Security

Renu Bedi

Manager-IT Security

Jeff Maley Headshot Missing
Jeff Maley

Jeff Maley

Sean Heide
Sean Heide
Technical Research Director, CSA

Sean Heide

Technical Research Director, CSA

Michael Theriault Headshot Missing
Michael Theriault

Michael Theriault

Rolando Marcelo Vallejos Headshot Missing
Rolando Marcelo Vallejos

Rolando Marcelo Vallejos

Henry Werchan Headshot Missing
Henry Werchan

Henry Werchan

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training