Cloud Security Alliance, 2015 Sean Cordero, Chair CCM.

Jan 18, 2018

Elaine Poole

Transcript

Cloud Security Alliance, 2015
Sean Cordero, Chair CCM

Agenda
- Overview of the CCM
- CSA STAR & The CCM
- Industry Adoption and the CCM
- Looking Ahead: CCM 2016

Overview of the CCM
- Industry standard for Cloud supply chain security & risk management:
  - Delineates control ownership (Provider, Customer)
  - An anchor for security and compliance posture measurement
  - Provides a framework of 16 control domains
  - Controls map to global regulations and security standards
- Industry Driven Effort:
  - 120+ Peer Review Participants
  - Participants: AICPA, Microsoft, McKesson, ISACA, Oracle
- Backbone of the Open Certification Framework and STAR

Industry Adoption of the CCM

CSA STAR Certification
- Based on ISO/IEC 27001:2013 and CCM 3.x
- Provides enhanced assessment to provide full visibility.
- Flexible assessment that can be tailored through the Statement of Applicability.

CSA and AICPA Cloud Attestation
- Third party assessment program of cloud providers officially known as CSA Security Trust & Assurance Registry (STAR) Attestation.
- Enables enhanced, cloud-specific AICPA SOC 2 Reporting.
- Illustrative SOC2 with CCM provided on AICPA site.

Looking Ahead: CCM
- Next CCM Release: Planned for to remain stable throughout 2015
- Guidance 4.0 Alignment w/ CCM
- Standing Control Reviews Established
- Improve auditability & measurement
- Clarify intent and language
- Get involved! Contact

Call to Action
- Peer Review of ISO Mappings in Q
- Standing Control Reviews Established
- Improve auditability & measurement
- Clarify intent and language
- Get involved! Contact ccm-

Contact Information
- Sean Cordero

SaaS CSA STAR Watch
- CSA STAR Watch: Subscription based, SaaS tool to manage CCM compliance.
- Delivers CCM/CAIQ
- Delivered in a multi-user database.
- Enables control delegation for assessors.
- Open Beta started, announced at CSA Summit (4/20)
- Envision integration with STAR and GRC consoles
- Visit the CSA booth in the South Hall (to the right of the main entrance) # 2621
- Demos at 4pm (Tuesday and Wednesday)
- Interested? Contact w/ Subject Line CSA STAR Watch