CCM Addendum - C5
This document is an addendum to the CCM V3.0.1 controls. It contains the additional controls that serves to bridge the gap between CCM and the German Federal Office for Information Security (BSI) Compliance Controls Catalogue (C5). The document includes: • A mapping between the controls in the mentioned standards and CCM (e.g. which control(s) in CCM maps to each given control in the C5). • A gap analysis • Compensating controls (i.e. the actual “addendum”). The purpose of the document is to help organisations assess and bridge compliance gaps between these standards. The document is structured as follows: Columns A-B-C contain details of the C5 standard, Column D provides the gap identification, Column E contains the controls mapping, Column F provides the gap analysis details and finally the Column G provides the compensating controls. The CSA and the CCM working group hope that organizations will find this document useful for their cloud security compliance programs. The contents of this document could contain technical inaccuracies, typographical errors and out-of-date information. This work was partly funded by the EU H2020 project EU-SEC under the Grant No. 731845.