CSA Seeks Input on Open Peer Review: CCM v3.0.1
Cloud Security Alliance announces an open peer review period for the Cloud Controls Matrix (CCM) v3.0.1, now through May 8, 2014. We invite you to submit your feedback by leaving comments on the CCM v3.0.1.
The CCM v3.0.1 release will include new or updated mappings to the following security standards:
- AICPA 2014 Trust Services Criteria
- Canada PIPEDA (Personal Information Protection Electronic Documents Act)
- COBIT 5.0
- COPPA (Children’s Online Privacy Protection Act)
- CSA Enterprise Architecture
- ENISA (European Network Information and Security Agency) Information Assurance Framework
- European Union Data Protection Directive 95/46/EC
- FERPA (Family Education and Rights Privacy Act)
- HIPAA/HITECH Act and the Omnibus Rule
- ISO/IEC 27001:2013
- ITAR (International Traffic in Arms Regulation)
- Mexico – Federal Law on Protection of Personal Data Held by Private Parties
- NIST SP800-53 Rev 3 Appendix J
- NZISM (New Zealand Information Security Manual)
- ODCA (Open Data Center Alliance) Usage Model PAAS Interoperability Rev. 2.0
- PCI DSS v3
Submitting feedback is easy!
1) Follow the link to the CSA Interact peer review site: https://interact.cloudsecurityalliance.org/index.php/ccm/v3_0_1
2) Sign up to access the document, review, and comment!*
Feedback is collected and reviewed by the CCM working group for consideration into the latest version. We look forward to receiving your comments.
ABOUT THE CSA CLOUD CONTROLS MATRIX
The CCM provides fundamental security principles to guide cloud vendors and assist prospective cloud customers in assessing the overall security risk of a cloud provider. It strengthens existing information security control environments by delineating control guidance by service provider and consumer, and by differentiating according to cloud model type and environment.
The Cloud Controls Matrix provides a controls framework in 16 domains that integrate and reflect industry-accepted security standards, regulations, and controls frameworks to reduce audit complexity. The CCM seeks to normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud.
The CSA Cloud Controls Matrix Working Group has collaborated with a number of organizations in higher education, standards development, risk management, and various industry regulations to add some of the latest compliance requirements to the CCM mappings. Learn more about the CCM Working Group.
*Note: The new mappings are highlighted in red on the spreadsheet and do not affect control specification language, naming and numbering of controls, or any prior mappings.
Additional peer review opportunities including CAIQ v3.0.1 can be found here: https://interact.cloudsecurityalliance.org/