CSA-CCM
Compliance standard for information security.
Total Requirements
16
defined requirements
Mapped Controls
0
control mappings
Overall Compliance
0%
0/0 controls compliant
Related Risks
0
0 critical · 0 high
Requirements Coverage
IAM-01
IAM Policy and Procedures
Not mapped
Establish and maintain IAM policies and procedures
No controls mapped to this requirement
IAM-02
Strong Password Policy
Not mapped
Password complexity, length, and expiration policies
No controls mapped to this requirement
IAM-03
Identity Inventory
Not mapped
Identity inventory with an appropriate level of tracking
No controls mapped to this requirement
IAM-04
Separation of Duties
Not mapped
Separation of duties to prevent conflicts of interest
No controls mapped to this requirement
IAM-05
Least Privilege
Not mapped
Principle of least privilege for users, services, and systems
No controls mapped to this requirement
IAM-06
User Access Provisioning
Not mapped
Processes for granting access
No controls mapped to this requirement
IAM-07
User Access Changes and Revocation
Not mapped
Timely modification and revocation of access
No controls mapped to this requirement
IAM-08
User Access Review
Not mapped
Periodic review of user access
No controls mapped to this requirement
IAM-09
Segregation of Privileged Access Roles
Not mapped
Separation of privileged access roles
No controls mapped to this requirement
IAM-10
Management of Privileged Access Roles
Not mapped
Management and monitoring of privileged accounts
No controls mapped to this requirement
IAM-11
Unique User Identification
Not mapped
Unique identification of users
No controls mapped to this requirement
IAM-12
Authentication
Not mapped
Authentication, including MFA for privileged access
No controls mapped to this requirement
IAM-13
Session Management
Not mapped
User session management
No controls mapped to this requirement
IAM-14
Logging Infrastructure Protection
Not mapped
Protection of the logging infrastructure
No controls mapped to this requirement
IAM-15
Remote Access
Not mapped
Secure remote access controls
No controls mapped to this requirement
IAM-16
Third-Party Access
Not mapped
Management and monitoring of third-party access
No controls mapped to this requirement
Educational Content
Standard Overview
Compliance standard for information security.
How Compliance is Calculated
Compliance is calculated based on the maturity level of each control mapped to this standard. Controls with maturity level 3 or above are considered compliant. The overall compliance percentage represents the ratio of compliant controls to total mapped controls.
- Compliant: Maturity level 3 or above
- Partial: Maturity level 1-2
- Non-compliant: Maturity level 0 (not implemented)
Best Practices for Implementation
- Conduct a gap analysis to identify areas needing improvement
- Prioritize controls based on risk assessment results
- Establish clear ownership and accountability for each control
- Implement continuous monitoring and regular reviews
- Document evidence of compliance for audit readiness
- Train staff on security awareness and standard requirements