Cloud Controls Matrix Work Group Session Sean Cordero


Sean Cordero
President of Cloudwatchmen, Co-chair CCM, CSA
Evelyn de Souza
Data Center Security Strategist, Cisco, Co-chair CCM, CSA
Cloud Controls Matrix Work Group Session
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
CSA Security Guidance v3.0
3 new control domains to address new ways cloud data is accessed:
• Mobile Security
• Supply Chain Management, Transparency and Accountability
• Interoperability and Portability
Improved clarity and cohesiveness of control domains
Version 1.x Releases – 1.0 (April 2010), 1.01 (Oct 2010), 1.1 (Dec 2010), v1.2 (Aug 2011), v1.3 (April 2013), v1.4 (TBD)
Next Full Revision Release – April 2013
CCM 1.3 Align to Security Guidance 3.0
CCM 1.4
Baseline Control Assurance Framework for Cloud Security – mapped to:
**COBIT 4.1
**HIPAA / HITECH Act
ISO/IEC 27001:2005
**NIST Special Publication (SP) 800-53 Rev 3
FedRAMP 3.0
PCI DSS v2.0
BITS Shared Assessments
GAPP
Jericho Forum
NERC CIP
AICPA Trust Services Principles & Criteria (TSP)
**CCM .xx Future Pipeline Mapping Considerations:
• Open Data Center Alliance (ODCA)
• HIPAA/HITECH Act (CSA HIMG)
• COBIT 5 (Information Security)
• NIST SP 800-53 Rev 4
• Slovenian Information Commissioner on Privacy Guidance for Cloud Computing
• New Zealand Information Security Manual (NZISM)
Become involved as a subject matter expert and a reviewer for upcoming releases
Advise on different standards that we should consider mapping to going forward
Implement the CCM in your organization’s compliance reporting tools