*This working group also developed an interactive website for the previous version of the enterprise architecture.
Cloud Security Research for Enterprise Architecture
CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.
Enterprise Architecture Reference Guide v2
This guide is your deep dive into each domain of CSA’s Enterprise Architecture (EA). CSA’s EA is both a methodology and a set of tools. It is a framework, a comprehensive approach for the architecture of a secure cloud infrastructure, and can be used to assess opportunities for improvement, create roadmaps for technology adoption, identify reusable security patterns, and assess various cloud providers and security technology vendors against a common set of capabilities. To create the CSA Enterprise Architecture, the EA Working Group leveraged four industry standard architecture models: TOGAF, ITIL, SABSA, and Jericho, therefore combining the best of breed architecture paradigms into a comprehensive approach to cloud security. By merging business drivers with security infrastructure, the EA increases the value proposition of cloud services within an enterprise business model.
Enterprise Architecture v2 to CCM v3 Mapping
The Enterprise Architecture (EA) is CSA’s standard cloud reference architecture, while the Cloud Controls Matrix (CCM) is CSA’s standard control set. By applying the CCM controls, an organization ensures that the EA is operating securely. However, until now, the link between the EA and CCM has never been demonstrated. This spreadsheet by CSA’s EA Working Group provides a mapping between the Enterprise Architecture 2.0 and Cloud Controls Matrix 3.0.1, showing how they can be used together to secure an enterprise architecture.
Enterprise Architecture to CCM Mapping Guide
This document serves as an overview and explanation of the Enterprise Architecture v2 to CCM v3.0.1 Mapping. We first define the CSA Enterprise Architecture and CSA CCM, then demonstrate through example how the mapping was accomplished. After this, the mapping results are provided and explained in a summary.