Cloud 101CircleEventsBlog
Join AT&T's experts & CSA's Troy Leach on April 4 to boost your cyber resilience in 2024!

Download Publication

Enterprise Architecture v2 to CCM v3.01 Mapping Guide
Enterprise Architecture v2 to CCM v3.01 Mapping Guide

Enterprise Architecture v2 to CCM v3.01 Mapping Guide

Release Date: 05/18/2021

The Enterprise Architecture (EA) is the CSA’s standard cloud reference architecture, while the Cloud Controls Matrix (CCM) is the CSA’s standard control set. By applying the CCM controls, an organization ensures that the EA is operating securely. However, until now, the link between the EA and CCM has never been demonstrated. The EA v2 to CCM v3.0.1 Mapping relates the Enterprise Architecture 2.0 and Cloud Controls Matrix 3.0.1, showing how they can be used together to secure an enterprise architecture.

This document by CSA’s EA Working Group serves as an overview and explanation of the EA to CCM Mapping. We first define the CSA EA and CSA CCM, then demonstrate through example how the mapping was accomplished. After this, the mapping results are provided and explained in a summary. Click here to access the Enterprise Architecture v2 to CCM v3.01 Mapping itself.

For a full explanation of CSA’s Enterprise Architecture, including a description of each domain and its components, refer to the Enterprise Architecture v2 Reference Guide. For quick reference and a visual representation, refer to the Enterprise Architecture Reference Diagram.

Key Takeaways:
  • An overview of CSA’s EA and CCM
  • An example of how an EA component was mapped to the relevant CCM controls
  • Statistics from the mapping, including the mapping universe, the count of the CCM controls that relate to each EA component, and the percentage of the controls identified as relating to each component
Who It’s For:
  • Cybersecurity architects
  • Cloud engineers
  • Cloud security professionals
  • Compliance professionals
Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
Related resources
Defining the Zero Trust Protect Surface
Defining the Zero Trust Protect Surface
The Six Pillars of DevSecOps - Collaboration and Integration
The Six Pillars of DevSecOps - Collaboration an...
The State of Security Remediation 2024
The State of Security Remediation 2024
How to Secure Business-Critical Applications
How to Secure Business-Critical Applications
Published: 03/28/2024
For Game-Changing Cloud Workload Protection, Focus on Quality Over Quantity
For Game-Changing Cloud Workload Protection, Focus on Quality Over ...
Published: 03/27/2024
Architecture Drift: What It Is and How It Leads to Breaches
Architecture Drift: What It Is and How It Leads to Breaches
Published: 03/22/2024
Email Security Best Practices for 2024 (and Beyond)
Email Security Best Practices for 2024 (and Beyond)
Published: 03/19/2024

Acknowledgements

Michael Roza
Michael Roza
Head of Risk, Audit, Control and Compliance

Michael Roza

Head of Risk, Audit, Control and Compliance

Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

Read more

Jon-Michael Brook
Jon-Michael Brook

Jon-Michael Brook

Jon-Michael C. Brook, Principal at Guide Holdings, LLC, has 20 years of experience in Information Security with such organizations as Raytheon, Northrop Grumman, Booz Allen Hamilton, Optiv Security and Symantec. Mr. Brook's work traverses the government, financial, healthcare, gaming, oil and gas and pharmaceutical industries. Mr. Brook obtained a number of industry certifications, including CISSP and CCSK, has patents and trade secrets in...

Read more

Ashish Vashishtha
Ashish Vashishtha
Security Compliance Leader

Ashish Vashishtha

Security Compliance Leader

Analytical, results-oriented IS/IT Audit, Governance, Risk, and Compliance (GRC) leader over 19 years of experience managing enterprise-wide IT/IS security risk approach for large healthcare and IT services organizations. Passionate design thinker with an ability to harness innovation by facilitating collaboration to develop enterprise-wide security risk assessments (onsite as well as remote) for high-risk Third-Parties leveraging NIST 800-...

Read more

Renu Bedi
Renu Bedi
Manager-IT Security

Renu Bedi

Manager-IT Security

This person does not have a biography listed with CSA.

Sean Heide
Sean Heide
Technical Research Director, CSA

Sean Heide

Technical Research Director, CSA

This person does not have a biography listed with CSA.

Michael Theriault Headshot Missing
Michael Theriault

Michael Theriault

This person does not have a biography listed with CSA.

Rolando Marcelo Vallejos Headshot Missing
Rolando Marcelo Vallejos

Rolando Marcelo Vallejos

This person does not have a biography listed with CSA.

Henry Werchan Headshot Missing
Henry Werchan

Henry Werchan

This person does not have a biography listed with CSA.

Jeff Maley Headshot Missing
Jeff Maley

Jeff Maley

This person does not have a biography listed with CSA.

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training