The mapping identifies misalignments and gaps between the updated CCM and CSF
SAN FRANCISCO, May 9, 2024–(BUSINESS WIRE)–The headline of the May 8, 2024 release should read: Cloud Security Alliance Announces Additional Mappings Between Cloud Controls Matrix (CCM) and National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) (instead of… Cybersecurity Framework (CFT)). The subtitle of the release should read: The mapping identifies misalignments and gaps between the updated CCM and CSF (instead of… the updated CCM and CFT).
The updated version reads:
The Cloud Security Alliance announces additional mappings between the Cloud Controls Matrix (CCM) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).
RSA Conference – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced an additional mapping and gap analysis between the leading Cloud Controls Matrix (CCM) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) v2.0.
This mapping, drafted by the CCM Working Group, aligns the CCM with the CSF and identifies the equivalence, gaps and incompatibilities between the control specifications of the two frameworks, allowing for simpler compliance. Cloud organizations can leverage this mapping to derive several key benefits, enhancing their cloud security and compliance programs.
“By expanding on CCM's existing mapping with NIST's Cybersecurity Framework, we not only provide a way to align an organization's cloud security and compliance efforts, but ensure that every step forward is in the right direction,” said Lefteris Skoutaris, Director of Programs and Research Analyst, Cloud Security Alliance, EMEA.
Additionally, the Cloud Controls Matrix (CCM) working group would like to announce a new minor update to CCM v4.0.11. This update and release include the additional mapping of CCM v4.0 with NIST CSF v2.0. This update strengthens CCM's position as the control framework of choice for the cloud security industry.
This additional mapping brings the total number of mappings to 15. The CCM Working Group previously mapped CCM to the following standards: NIST 800-53r5, NIST CSF v1.1 and v2.0, PCI DSS v3.2.1 and v4.0, ISO/IEC 27001 (2013, 2022), ISO/IEC 27002 (2013, 2022), ISO/IEC 27017 (2015), ISO/IEC 27018 (2019), AICPA TSC (2017), CIS v8.0, ISF SOGP 2022 and CCM v3.0.1. Additional mappings are under development and will be added in the future.
The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing, consisting of 197 control objectives organized into 17 domains, covering all major aspects of cloud technology. It can be used as a tool for systematic evaluation of cloud implementation, and provides guidance on the security controls that should be implemented by any actor within the cloud supply chain. The controls framework is consistent with the CSA Cloud Computing Security Guidelines and is considered a de facto standard for ensuring cloud security and compliance.
Along with releasing updated versions of CCM and CAIQ, the Cloud Controls Matrix working group provides control mappings, gap analysis, and additions between CCM and other industry standards and regulations to keep them up to date. Those interested in participating in the working group or its research are invited to join.
CCM is a free resource and available for download now.
About the Cloud Security Alliance
The Cloud Security Alliance (CSA) is a world-leading organization dedicated to identifying and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to deliver cloud security research, education, training, certification, events, and products. CSA's activities, knowledge and extensive network benefit the entire cloud-impacted community – from service providers and customers to governments, entrepreneurs and the assurance industry – and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For more information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
View source version on Businesswire.com: https://www.businesswire.com/news/home/20240508350504/en/
Contacts
Christina Rundquist
ZAG Communications for CSA
christina@zagcommunications.com