Research Peer Reviews

Cloud Incident Response Charter

To develop a holistic Cloud Incident Response (CIR) framework that comprehensively covers key causes of cloud outages (both security and non-security related), and their handling and mitigation strategies.

Open Until: 12/17/2018
CCM Addendum - ISO/IEC 27002, 27017, 27018

This document is an addendum to the CCM V3.0.1 controls. It contains the additional controls that serve to bridge the gap between CCM and ISO/IEC 27002:2013, ISO/IEC 27017:2015 and ISO/IEC 27018:2014. The document includes:

• A controls mapping between the mentioned standards and CCM (e.g. which control(s) in CCM map to each given control in ISO 27017).
• A gap analysis.
• Compensating controls (i.e. the actual “addendum”).

The purpose of the document is to help organisations assess and bridge compliance gaps between these standards. The document is structured as follows: Columns A-B-C contain details of the ISO standards, Column D provides the gap identification, Column E contains the controls mapping, Column F provides the gap analysis details and finally Column G provides the compensating controls.

The CSA and the CCM working group hope that organizations will find this document useful for their cloud security compliance programs. In the execution of this project, the CCM WG and the CSA recognize that this is a mapping of ISO 27002, ISO 27017 and ISO 27018, which are recommendation/guideline ('should') standards, to the CCM, which is a mandatory requirements ('shall') standard. The contents of this document could contain technical inaccuracies, typographical errors and out-of-date information. The work was completed on May 18th, 2018 by volunteers in the CSA's CCM Working Group who are acknowledged below. If you would like to volunteer in the working group, please sign up here: https://cloudsecurityalliance.org/group/cloud-controls-matrix/#_join

Open Until: 12/21/2018
CCM Addendum - C5

This document is an addendum to the CCM V3.0.1 controls. It contains the additional controls that serve to bridge the gap between CCM and the German Federal Office for Information Security (BSI) Compliance Controls Catalogue (C5). The document includes:

• A mapping between the controls in the mentioned standards and CCM (e.g. which control(s) in CCM map to each given control in the C5).
• A gap analysis.
• Compensating controls (i.e. the actual “addendum”).

The purpose of the document is to help organisations assess and bridge compliance gaps between these standards. The document is structured as follows: Columns A-B-C contain details of the C5 standard, Column D provides the gap identification, Column E contains the controls mapping, Column F provides the gap analysis details and finally Column G provides the compensating controls.

The CSA and the CCM working group hope that organizations will find this document useful for their cloud security compliance programs. The contents of this document could contain technical inaccuracies, typographical errors and out-of-date information. This work was partly funded by the EU H2020 project EU-SEC under the Grant No. 731845.

Open Until: 12/21/2018
Quantum-Safe Security Working Group Charter

The Quantum‐Safe Security Working Group (QSSWG) has been formed to address key generation and transmission methods and to help the industry understand quantum‐safe methods for protecting their networks and their data.

Open Until: 01/11/2019
Cloud OS Security Specification

This document builds on the foundation provided by ISO/IEC 17788, ISO/IEC 19941, ISO/IEC 27000, NIST SP 500-299 and NIST SP 800-144 in the context of cloud computing security.

Open Until: 01/21/2019