Circle
Events
Blog

Download Publication

Enterprise Architecture v2 to CCM v3.01 Mapping Guide
Enterprise Architecture v2 to CCM v3.01 Mapping Guide

Enterprise Architecture v2 to CCM v3.01 Mapping Guide

Release Date: 05/18/2021

The Enterprise Architecture (EA) is the CSA’s standard cloud reference architecture, while the Cloud Controls Matrix (CCM) is the CSA’s standard control set. By applying the CCM controls, an organization ensures that the EA is operating securely. However, until now, the link between the EA and CCM has never been demonstrated. The EA v2 to CCM v3.0.1 Mapping relates the Enterprise Architecture 2.0 and Cloud Controls Matrix 3.0.1, showing how they can be used together to secure an enterprise architecture.

This document by CSA’s EA Working Group serves as an overview and explanation of the EA to CCM Mapping. We first define the CSA EA and CSA CCM, then demonstrate through example how the mapping was accomplished. After this, the mapping results are provided and explained in a summary. Click here to access the Enterprise Architecture v2 to CCM v3.01 Mapping itself.

For a full explanation of CSA’s Enterprise Architecture, including a description of each domain and its components, refer to the Enterprise Architecture v2 Reference Guide. For quick reference and a visual representation, refer to the Enterprise Architecture Reference Diagram.

Key Takeaways:
  • An overview of CSA’s EA and CCM
  • An example of how an EA component was mapped to the relevant CCM controls
  • Statistics from the mapping, including the mapping universe, the count of the CCM controls that relate to each EA component, and the percentage of the controls identified as relating to each component
Who It’s For:
  • Cybersecurity architects
  • Cloud engineers
  • Cloud security professionals
  • Compliance professionals

Download this Resource

LoginCreate Account

Prefer to access this resource without an account? Download it now.

Acknowledgements

Michael Roza Headshot
Michael Roza
Risk, Audit, Control and Compliance Professional

Michael Roza

Risk, Audit, Control and Compliance Professional

Since 2012 Michael has contributed to over 75 CSA projects completed by CSA's Internet of Things, Blockchain/Distributed Ledger, Top Threats, Cloud Control Matrix, Software-Defined Perimeter, Applications, Containers, and Microservices, and other working groups. In, 2020 he also served as co-chair to CSA's Enterprise Architecture and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, S...

Read more

Jon-Michael Brook Headshot
Jon-Michael Brook

Jon-Michael Brook

Jon-Michael C. Brook, Principal at Guide Holdings, LLC, has 20 years of experience in Information Security with such organizations as Raytheon, Northrop Grumman, Booz Allen Hamilton, Optiv Security and Symantec. Mr. Brook's work traverses the government, financial, healthcare, gaming, oil and gas and pharmaceutical industries. Mr. Brook obtained a number of industry certifications, including CISSP and CCSK, has patents and trade secrets in...

Read more

Ashish Vashishtha Headshot
Ashish Vashishtha
Cybersecurity - Sr. Risk Manager & Security Architect at IBM

Ashish Vashishtha

Cybersecurity - Sr. Risk Manager & Security Architect at IBM

Analytical, results-oriented IS/IT Audit, Governance, Risk, and Compliance (GRC) leader over 19 years of experience managing enterprise-wide IT/IS security risk approach for large healthcare and IT services organizations. Passionate design thinker with an ability to harness innovation by facilitating collaboration to develop enterprise-wide security risk assessments (onsite as well as remote) for high-risk Third-Parties leveraging NIST 800-...

Read more

Renu Bedi Headshot
Renu Bedi
Manager-IT Security

Renu Bedi

Manager-IT Security

This person does not have a biography listed with CSA.

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?