Cloud Security Alliance APAC

CCM - ABS Mapping

Cloud Controls Matrix (CCM) - ABS Cloud Computing Implementation Guide Mapping

  • Subject matter experts are also welcome to join the CCM-ABS Mapping WG by submitting a request HERE

The Financial Services Industry (FSI) is one of the most important and heavily regulated sectors in any market. As such, it is typically bound by a multitude of regulations with which its institutions must comply. In Singapore, for example, financial institutions (FIs) are bound by the Banking Act and the Securities and Futures Act. Additionally, numerous guidelines, frameworks and best practices are recommended for FIs with the intention of improving operations, strengthening governance and reducing risk, among other goals. For example, the Monetary Authority of Singapore issued the Technology and Risk Management (TRM) Guidelines, which help FIs minimize technology usage risk.

It is a daunting and challenging, yet necessary, task for conscientious FIs to review the available regulations, guidelines, frameworks and best practices, comply with mandatory regulations, and decide which best practices and recommendations to heed, in order to reduce their overall risk exposure and keep up with the industry’s progress. This mammoth task becomes exponentially more difficult for FIs operating beyond a single country or regulatory space, especially when the relevant regulations and frameworks are constantly evolving.

In the technology space, there are also multiple frameworks and guidelines available, such as the above-mentioned TRM, ISO/IEC 27001 & 27002 and ISACA COBIT. Others are specific to cloud computing and its related technologies: ISO/IEC 27018, the recently published ISO/IEC 21878, FedRAMP and the Cloud Computing Implementation Guide (CCIG) v2.0 issued by the Association of Banks in Singapore (ABS). Because of this complex landscape, cross-mapping of frameworks is a useful and popular tool for FIs seeking compliance with multiple standards and best practices. An example is the Cloud Security Alliance (CSA)’s Cloud Controls Matrix (CCM), which illustrates the relationship between CSA’s Security Guidance in 14 domains and over 30 industry-accepted global security standards, regulations and controls frameworks.

The Working Group (WG) for CCM-CCIG mapping will aim to perform and verify the mapping between ABS CCIG and CCM. This will effectively evaluate the similarities and gaps between CCIG and the numerous frameworks mapped in the CCM. Singapore FIs that are already in line with CCIG will benefit by being able to easily identify and fulfill the additional controls (gaps) required on top of the CCIG to achieve adherence to another targeted framework within CCM, which is useful when expanding to other markets.

Scope

The scope for the CCM-CCIG WG includes, but is not limited to:
  • CCM-CCIG mapping (CSA CCM as base) - determining the gaps between controls in both frameworks, whether there are no, partial or full gaps, with CCM as the base framework. This allows a CCIG-compliant entity to evaluate the additional efforts required to become CCM-compliant.
  • Verify mapping and reverse mapping between CSA CCM and ABS CCIG
  • Suggest use cases for the mapping of CSA CCM and ABS CCIG
  • Draft and publish the mapping results and suggested use cases as a CSA guideline
© COPYRIGHT 2021. Cloud Security Alliance. All Rights Reserved