Download Publication
![Enterprise Architecture to CCM v3.0.1 Mapping](https://cloudsecurityalliance.org/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6NDAyNCwicHVyIjoiYmxvYl9pZCJ9fQ==--cb4d46cd318027cbe0dd95f2e6ddaf446bfd6a29/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJwbmciLCJyZXNpemVfdG9fbGltaXQiOlsyMjUsMzAwXX0sInB1ciI6InZhcmlhdGlvbiJ9fQ==--ed3d8b3503f8660626bf50138e90f4b6f3228621/wcsa-artifact-7ec23f2d1880670b4b7e7a9b97833334.png)
Enterprise Architecture to CCM v3.0.1 Mapping
Release Date: 12/18/2020
Working Group: Enterprise Architecture
The Enterprise Architecture working group's Enterprise Reference Architecture (ERA) is both a methodology and a set of tools enabling security architects, enterprise architects and GRC professionals to leverage a common set of solutions that fulfill their common needs. The expectation is the ERA will assist in assessments where their internal IT and their cloud providers are in terms of security capabilities and roadmap planning to meet the security needs of their business. The ERA provides a security viewpoint on a typical Enterprise Architecture, thus taking a domain-based approach covering Business Operations, IT Operations, Security and Risk Management as well as the classic layered architecture of Presentation, Application, Information, and Infrastructure domains.
The mapping of CCM controls per the Shared Responsibility Model according to the following service levels - IaaS, PaaS, SaaS. It is intended to give the reader an overview of cloud responsibility with the specific control domain from the view of either the cloud service provider and/or the cloud consumer. 0 (zero) signifies no responsibility, whereas the placement of a 1 (one) signifies the given responsibility. From here, the reader can map that control domain back to the CCM control for further guidance and architecture.
Download this Resource
Prefer to access this resource without an account? Download it now.
Related Resources
Acknowledgements
![Michael Roza](/https/cloudsecurityalliance.org/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6Mzc3NCwicHVyIjoiYmxvYl9pZCJ9fQ==--2ee3c93fe3c1fbe44c00209688a02592cb8f251c/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--ce1f0b273c14895214513c640abe6c284218f1db/roza.jpg)
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC
Since 2012, Michael Roza has been a pivotal member of the Cloud Security Alliance (CSA) family. He has contributed to over 125 projects, as a Lead Author or Author/Contributor and many more as a Reviewer/Editor.
Michael's extensive contributions encompass critical areas including Artificial Intelligence, Zero Trust/Software Defined Perimeter, Internet of Things, Top Threats, Cloud Control Matrix, DevSecOps, and Key Management. His lea...
![Sean Heide](/https/cloudsecurityalliance.org/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTA1OTAsInB1ciI6ImJsb2JfaWQifX0=--6fec6119dd82805dcd73b1f5bee2b5241e75a27e/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGVnIiwiYXV0b19vcmllbnQiOnRydWUsInJvdGF0ZSI6MCwiZ3Jhdml0eSI6ImNlbnRlciIsInJlc2l6ZSI6IjE4MHgyNDBeIiwiYmFja2dyb3VuZCI6Im5vbmUifSwicHVyIjoidmFyaWF0aW9uIn19--bce64e6cd8e04ad10bf1b7b6142bab4d14a520af/sean-h.jpeg)
Sean Heide
Technical Research Director, CSA
![Jon-Michael Brook](/https/cloudsecurityalliance.org/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MjQyMTQsInB1ciI6ImJsb2JfaWQifX0=--a7375654b40b8faf0196d2525ed503f465a8aabb/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGVnIiwiYXV0b19vcmllbnQiOnRydWUsInJvdGF0ZSI6MCwiZ3Jhdml0eSI6ImNlbnRlciIsInJlc2l6ZSI6IjE4MHgyNDBeIiwiYmFja2dyb3VuZCI6Im5vbmUifSwicHVyIjoidmFyaWF0aW9uIn19--bce64e6cd8e04ad10bf1b7b6142bab4d14a520af/Jon-Michael_Brook_1676316333698001Ti4g_1676328890534001qP6z.jpeg)
Jon-Michael Brook
Jon-Michael C. Brook is a certified, 25-year practitioner of cybersecurity, cloud, and privacy. He is the principal contributor to certification sites for privacy and cloud security, and has published books on privacy. Jon-Michael received numerous awards and recognition during his time with Raytheon, Northrop Grumman, Symantec, and Starbucks. He holds patents and trade secrets in intrusion detection, GUI design, and semantic data redaction...
![Shahid Sharif Headshot Missing](/https/cloudsecurityalliance.org/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Shahid Sharif
![Jeff Maley Headshot Missing](/https/cloudsecurityalliance.org/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Jeff Maley
![Nabeel Yousif Headshot Missing](/https/cloudsecurityalliance.org/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Nabeel Yousif
![Troy Peterson Headshot Missing](/https/cloudsecurityalliance.org/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Troy Peterson
![Sunil Jaikumar Headshot Missing](/https/cloudsecurityalliance.org/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Sunil Jaikumar
![Mike Greer Headshot Missing](/https/cloudsecurityalliance.org/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Mike Greer
Interested in helping develop research with CSA?
Related Certificates & Training
![](/https/cloudsecurityalliance.org/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6Mzc3MDgsInB1ciI6ImJsb2JfaWQifX0=--b84715251d1eb44c8c25ffb639dbaaf02d8be215/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJwbmciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiNTQweDI3MCIsImJhY2tncm91bmQiOiJub25lIiwiZXh0ZW50IjoiNjAweDMwMCJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--b6526fee53eea0eb5e5fc20ccf5c73f057b1322f/ccsk-logo.png)
Learn more