Download Publication

Enterprise Architecture to CCM v3.0.1 Mapping
Release Date: 12/18/2020
Working Groups: Enterprise Architecture Cloud Controls Matrix Working Group
The Enterprise Architecture working group's Enterprise Reference Architecture (ERA) is both a methodology and a set of tools enabling security architects, enterprise architects and GRC professionals to leverage a common set of solutions that fulfill their common needs. The expectation is the ERA will assist in assessments where their internal IT and their cloud providers are in terms of security capabilities and roadmap planning to meet the security needs of their business. The ERA provides a security viewpoint on a typical Enterprise Architecture, thus taking a domain-based approach covering Business Operations, IT Operations, Security and Risk Management as well as the classic layered architecture of Presentation, Application, Information, and Infrastructure domains.
The mapping of CCM controls per the Shared Responsibility Model according to the following service levels - IaaS, PaaS, SaaS. It is intended to give the reader an overview of cloud responsibility with the specific control domain from the view of either the cloud service provider and/or the cloud consumer. 0 (zero) signifies no responsibility, whereas the placement of a 1 (one) signifies the given responsibility. From here, the reader can map that control domain back to the CCM control for further guidance and architecture.
Download this Resource
Prefer to access this resource without an account? Download it now.
Related Resources
Acknowledgements

Michael Roza
Head of Risk, Audit, Control and Compliance
Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

Sean Heide
Technical Research Director, CSA
This person does not have a biography listed with CSA.

Jon-Michael Brook
Jon-Michael C. Brook, Principal at Guide Holdings, LLC, has 20 years of experience in Information Security with such organizations as Raytheon, Northrop Grumman, Booz Allen Hamilton, Optiv Security and Symantec. Mr. Brook's work traverses the government, financial, healthcare, gaming, oil and gas and pharmaceutical industries. Mr. Brook obtained a number of industry certifications, including CISSP and CCSK, has patents and trade secrets in...

Shahid Sharif
This person does not have a biography listed with CSA.

Jeff Maley
This person does not have a biography listed with CSA.

Nabeel Yousif
This person does not have a biography listed with CSA.

Troy Peterson
This person does not have a biography listed with CSA.

Sunil Jaikumar
This person does not have a biography listed with CSA.

Mike Greer
This person does not have a biography listed with CSA.