The CSA cloud computing architecture is guided by business requirements. In the case of the CSA Enterprise Architecture, these requirements come from the Cloud Controls Matrix (CCM) guided by regulations such as Sarbanes-Oxley, standards frameworks such as ISO-27002, the Payment Card Industry Data Security Standards, and the IT Audit Frameworks, such as COBIT, all in the context of cloud delivery models such as SaaS, PaaS and IaaS.
The CSA Enterprise Architecture was used as the basis for NIST security reference architecture (SP500-299, SP500-292).
*This working group also developed an interactive website for the previous version of the enterprise architecture.
This group follows closely to the CCM working group in order to map the architecture domains that help enterprises identify critical components that are key to their cloud security architecture. These domains, when agreed upon to an adjacent CCM control domain, create a larger picture for easily implementing strategies.
Jun 25, 2021, 12:00PM PDT
Join the Meeting
Working Group Leadership
Cloud Security Research for Enterprise Architecture
CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.
Enterprise Architecture to CCM Mapping Guide
This document serves as an overview and explanation of the Enterprise Architecture v2 to CCM v3.0.1 Mapping. We first define the CSA Enterprise Architecture and CSA CCM, then demonstrate through example how the mapping was accomplished. After this, the mapping results are provided and explained in a summary.
Enterprise Architecture Reference Guide v2
This guide is your deep dive into each domain of CSA’s Enterprise Architecture (EA). CSA’s EA is both a methodology and a set of tools. It is a framework, a comprehensive approach for the architecture of a secure cloud infrastructure, and can be used to assess opportunities for improvement, create roadmaps for technology adoption, identify reusable security patterns, and assess various cloud providers and security technology vendors against a common set of capabilities. To create the CSA Enterprise Architecture, the EA Working Group leveraged four industry standard architecture models: TOGAF, ITIL, SABSA, and Jericho, therefore combining the best of breed architecture paradigms into a comprehensive approach to cloud security. By merging business drivers with security infrastructure, the EA increases the value proposition of cloud services within an enterprise business model.
Enterprise Architecture v2 to CCM v3 Mapping
The Enterprise Architecture (EA) is CSA’s standard cloud reference architecture, while the Cloud Controls Matrix (CCM) is CSA’s standard control set. By applying the CCM controls, an organization ensures that the EA is operating securely. However, until now, the link between the EA and CCM has never been demonstrated. This spreadsheet by CSA’s EA Working Group provides a mapping between the Enterprise Architecture 2.0 and Cloud Controls Matrix 3.0.1, showing how they can be used together to secure an enterprise architecture.
|The New Enterprise Architecture Is Zero Trust||OODALoop||June 07, 2021|