This discussion focuses on mapping cloud security controls to specific frameworks or regulations.
Download the Cloud Security Alliance (CSA) Cloud Controls Matrix spreadsheet. (A quick Internet search should give you the location of the most current version for download.) Under the "Scope Applicability" heading, select a category that is applicable to the organization for which you work. For example, if your organization handles private medical data and uses the COBIT framework, you could choose either COBIT or HIPAA/HITECH. Once you select a category, choose a row from "Control Domain" (one that no other student has already selected!). Then, create a new thread in this week's discussion with the title from column B (i.e., CCM V3.0 Control ID). Explain the control domain, how it maps to your chosen scope, and exactly what your organization does to implement the stated control.
If you don't know which scope applies to your organization, just use the University of the Cumberlands (UC) as your organization. As a university, we are under the domain of FERPA. So, if you choose UC, you would need to choose a Control Domain and explain how it maps to FERPA, and how UC implements the controls.
So, here's an example. Let's assume I work for a large online retailer. We handle payment cards and are therefore under PCI DSS requirements. I'll select the BCR-03 control ID (Business Continuity Planning). So I would create a new thread in this week's discussion with the title "BCR-03." Then I'd explain what BCR-03 is, what it maps to in PCI DSS (4.1, 4.1.1, 9.1, 9.2), and then I'd explain what my organization does to comply with this control requirement.