▾ G11 Media Network: | ChannelCity | ImpresaCity | SecurityOpenLab | GreenCity | Italian Channel Awards | Italian Project Awards | ...
InnovationOpenLab

CORRECTING and REPLACING Cloud Security Alliance Announces Additional Mappings Between Cloud Controls Matrix (CCM) and National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF)

#CCM--Headline of release dated May 8, 2024 should read: Cloud Security Alliance Announces Additional Mappings Between Cloud Controls Matrix (CCM) and National Institute of Standards and Technology’...

Business Wire

Mapping identifies misalignment and gaps between updated CCM and CSF

SAN FRANCISCO: #CCM--Headline of release dated May 8, 2024 should read: Cloud Security Alliance Announces Additional Mappings Between Cloud Controls Matrix (CCM) and National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) (instead of ...Cybersecurity Framework (CFT)). Subhead of release should read: Mapping identifies misalignment and gaps between updated CCM and CSF (instead of ...updated CCM and CFT).

The updated release reads:

CLOUD SECURITY ALLIANCE ANNOUNCES ADDITIONAL MAPPINGS BETWEEN CLOUD CONTROLS MATRIX (CCM) AND NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY’S (NIST) CYBERSECURITY FRAMEWORK (CSF)

Mapping identifies misalignment and gaps between updated CCM and CSF

RSA Conference--The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced an additional mapping and gap analysis between its flagship Cloud Controls Matrix (CCM) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) v2.0.

Drafted by the CCM Working Group, this mapping serves to align CCM with CSF and to identify the equivalence, gaps, and misalignment between the control specifications of the two frameworks, allowing for more streamlined compliance. Cloud organizations can leverage this mapping to derive numerous key benefits, enhancing their cloud security and compliance programs.

“By expanding upon the CCM’s current mapping to NIST’s Cybersecurity Framework we are not only providing a means to aligning an organization's cloud security and compliance efforts, but ensuring that every step forward is in the right direction,” said Lefteris Skoutaris, Program Manager and Research Analyst, Cloud Security Alliance, EMEA.

Additionally, the Cloud Controls Matrix (CCM) Working Group would like to announce a new minor update to CCM v4.0.11. This update and release incorporates the additional mapping of CCMv4.0 with NIST CSF v2.0. This update serves to strengthen CCM’s position as the cloud security industry’s preferred control framework.

This additional mapping brings the total number of mappings to 15. The CCM Working Group previously mapped CCM to the following standards: NIST 800-53r5, NIST CSF v1.1 and v2.0, PCI DSS v3.2.1 and v4.0, ISO/IEC 27001 (2013, 2022), ISO/IEC 27002 (2013, 2022), ISO/IEC 27017 (2015), ISO/IEC 27018 (2019), AICPA TSC (2017), CIS v8.0, ISF SOGP 2022 and CCM v3.0.1. Additional mappings are under development and will be added in the future.

The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing, composed of 197 control objectives structured in 17 domains, covering all key aspects of the cloud technology. It can be used as a tool for the systematic assessment of a cloud implementation, and provides guidance on which security controls should be implemented by which actor within the cloud supply chain. The controls framework is aligned to the CSA Security Guidance for Cloud Computing and is considered a de-facto standard for cloud security assurance and compliance.

Along with releasing updated versions of the CCM and CAIQ, the Cloud Controls Matrix Working Group provides control mappings, gap analysis, and addendums between the CCM and other industry standards and regulations to keep it continually up-to-date. Those interested in participating in the working group or its research are invited to join.

The CCM is a free resource and is available for download now.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

Fonte: Business Wire

If you liked this article and want to stay up to date with news from InnovationOpenLab.com subscribe to ours Free newsletter.

Related news

Last News

Gyala: a new "Made in Italy" cybersecurity

With a proven track record in the defence field, Gyala now also brings its cybersecurity technologies to the wider enterprise audience

ITALIAN PROJECT AWARDS 2023: the best IT projects of the year, awarded

Now in its third edition, the initiative is targeted at the ICT professional world and honours projects based on innovative ideas and technologies, realised…

I3P launches the Cybersecurity Incubation Program

The I3P's initiative is promoted together with the National Cybersecurity Agency in collaboration with Leonardo and C*Sparks.

iVis Technologies enables remotely-controlled corneal telesurgery

It's based on Italian technologies the first successful intercontinental telesurgery intervention for keratoconus carried out remotely, connecting Bari…

Most read

NukuDo, a Global Leader in Cybersecurity Workforce Development, Launches…

Today, NukuDo, a global leader in cybersecurity workforce development and staffing, proudly announces the launch of its North American headquarters in…

AmerisourceBergen Specialty Group Provides Substitute Notice of Data Incident…

AmerisourceBergen Specialty Group, LLC (ABSG) is issuing notice to individuals who may have been impacted by a data security incident. ABSG’s parent company…

Latin America Data Center Market Landscape Report 2024-2029 Featuring…

The "Latin America Data Center Market Landscape 2024-2029" report has been added to ResearchAndMarkets.com's offering. The Latin American data center…

TruBridge Announces Participation in the Stifel Cross Sector Insight Conference

TruBridge, Inc. (NASDAQ:TBRG), a healthcare solutions company, today announced that management will participate in the Stifel Cross Sector Insight Conference…

Newsletter signup

Join our mailing list to get weekly updates delivered to your inbox.

Sign me up!