www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance

Cloud Controls Matrix Work Group Session

Sean Cordero, President of Cloudwatchmen, Co-chair CCM, CSA
Evelyn de Souza, Data Center Security Strategist, Cisco, Co-chair CCM, CSA

Who Controls What in the Cloud Ecosystem?

CSA Security Guidance v3.0

Cloud Controls Matrix (CCM)

CSA Security Guidance 3.0x

3 new control domains to address new ways cloud data is accessed

Improved clarity and cohesiveness of control domains

Mobile Security

Supply Chain Management, Transparency and Accountability

Interoperability and Portability

CCM Release Pipeline

Version 1.x Releases – 1.0 (April 2010), 1.01 (Oct 2010), 1.1 (Dec 2010), v1.2 (Aug 2011), v1.3 (April 2013), v1.4 (TBD)

Next Full Revision Release – April 2013

CCM 1.3 Align to Security Guidance 3.0

CCM 1.4

Baseline Control Assurance Framework for Cloud Security – mapped to:

• COBIT 4.1
• HIPAA / HITECH Act
• ISO/IEC 27001:2005
• NIST Special Publication (SP) 800-53 Rev 3
• FedRAMP 3.0
• PCI DSS v2.0
• BITS Shared Assessments
• GAPP
• Jericho Forum
• NERC CIP
• AICPA Trust Services Principles & Criteria (TSP)

CCM .xx Future Pipeline Mapping Considerations:

• Open Data Center Alliance (ODCA)
• HIPAA/HITECH Act (CSA HIMG)
• COBIT 5 (Information Security)
• NIST SP 800-53 Rev 4
• Slovenian Information Commissioner on Privacy Guidance for Cloud Computing
• New Zealand Information Security Manual (NZISM)

Your Call to Action

Become involved as a subject matter expert and a reviewer for upcoming releases

Advise on different standards that we should consider mapping going forward

Implement the CCM in your organization’s compliance reporting tools

Thank You