Description This document is an CCM v4.0 addendum to the 'IBM Cloud Framework for Financial Services' v1.1.0 that contains controls mapping between the CSA CCM v4.0 aims to help 'IBM Cloud Framework for Financial Services' compliant organizations meet CCM requirements. This is achieved by identifying compliance gaps in 'IB Services' in relation to the CCM. This document contains the following information: • Controls Mapping • Gap Identification (i.e. Partial, Full or No Gap) • Gap Analysis • Addendum The document is structured as follows. The tab 'CCMv4.0 - 'IBM Cloud Framework for Financial Services' contains the mappings as well as associated information compensating controls. In this tab, columns: • A-D contain the CCMv4.0 domains and control specifications. • E-H contain the results of the mapping and gap analysis exercise. The "Terminology" tab provides a list of terms used in this document and their definitions. The CSA and the CCM working group hope that organizations will find this document useful for their cloud security compliance programs. The contents of this document could contain technical inaccuracies, typographical errors and out-of-date information. If you would like to volunteer in the working group, please sign up here. Acknowledgements Contributors Robin Basham Michael Bayere Geoff Bird Madhav Chablani Brian Dorsey Angell Duran Joel John Erik Johnson David Kliemann (IBM) Andre Moore Vani Murthy Johan Olivier Asif Riaz (IBM) Dimitri Vekris Jim Venuto CSA Staff Daniele Catteddu Eleftherios Skoutaris Change Log Date 24/02/2023 Version 1.0 Notes Publication of first version of the CCM v4.0 addendum for IBM Cloud Framework for Financial Services v1.1.0. © Copyright 2022-2023, Cloud Security Alliance. All rights reserved. Description BM Cloud Framework for Financial Services' v1.1.0 that contains controls mapping between the CSA CCM v4.0 and that framework. The document Services' compliant organizations meet CCM requirements. This is achieved by identifying compliance gaps in 'IBM Cloud Framework for Financial ontains the following information: CMv4.0 - 'IBM Cloud Framework for Financial Services' contains the mappings as well as associated information such as the gap analysis and pecifications. nalysis exercise. d in this document and their definitions. rganizations will find this document useful for their cloud security compliance programs. ical inaccuracies, typographical errors and out-of-date information. p, please sign up here. Acknowledgements Contributors Robin Basham Michael Bayere Geoff Bird Madhav Chablani Brian Dorsey Angell Duran Joel John Erik Johnson David Kliemann (IBM) Andre Moore Vani Murthy Johan Olivier Asif Riaz (IBM) Dimitri Vekris Jim Venuto CSA Staff Daniele Catteddu Eleftherios Skoutaris Change Log Notes ersion of the CCM v4.0 addendum for IBM Cloud Framework for Financial Services v1.1.0. ll rights reserved.