Cloud 101CircleEventsBlog

CCM Addenda Updates for Two Additional Standards

CCM Addenda Updates for Two Additional Standards

Blog Article Published: 01/21/2019

By the CSA CCM Working Group

We're happy to announce the publication of the updated Cloud Controls Matrix (CCM) Addenda for the following standards:
— German Federal Office for Information Security (BSI) Cloud Computing Compliance Controls Catalogue (C5)
ISO/IEC 27002, ISO/IEC 27017 and ISO/IEC 27018

These CCM addenda aim to help organizations assess and bridge compliance gaps between the CCM and other security frameworks.

The documents contain:

  • A controls mapping between the above mentioned standards and the CCM (e.g. which control(s) in CCM maps to each given control in ISO27017).
  • A gap analysis
  • Compensating controls (i.e. the actual “addendum”)

Additionally, the addendum for the German BSI C5 contains both mappings and reverse mappings.

The CSA and the CCM Working Group hope that organizations will find this document useful for their security compliance programs.

Best Regards,
CSA CCM Working Group

Share this content on your favorite social network today!