New Compliance Standards including CCM, Korean ISMS-P, Thailand BOT, and more now Available on Horangi Warden

As your organization expands and grows, it is important to adhere to the cybersecurity standards of the different countries you operate in to stay compliant. We have added new cybersecurity control frameworks that will help you define the processes and procedures that your organization must follow to assess, monitor, and mitigate cybersecurity risk.

As the compliance regulatory environment continues to evolve, Horangi Warden is constantly expanding its compliance library to serve customers across the globe. 

What new standards are being added to Warden?

Our latest set of compliance standards includes Cloud Controls Matrix (CCM), Korean ISMS-P, Thailand BOT, and Thailand OIC, along with new versions of CIS-GCP v1.2 and NIST 800-53 rev5 (NIST 800-53 rev5 will be available by end of October 2022).

Cloud Controls Matrix: The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing that provides guidance on which security controls should be implemented by which party within the cloud supply chain. There are a total of 17 domains in CCM. We have mapped version 4.0 to 10 of the applicable domains for the customer side of the shared responsibility model: 

  • BCR
  • CCC
  • CEK
  • DCS
  • DSP
  • IAM
  • IPY
  • IVS
  • LOG
  • UEM

Available across all 5 clouds (AWS, GCP, Azure, Huawei & Alibaba Cloud).

Korean ISMS-P: The Korean Personal Information and Information Security Management System (ISMS-P) is an information security and personal information management standard created by the Korea Internet & Security Agency (KISA). Compliance with this standard is mandated by the Personal Information Protection Act and Act on Promotion of Information and Communications Network Utilization and Information Protection as it is designed to help organizations in Korea protect their information assets. We have mapped version 2022.04 of the technical controls in section 2 to Warden rules:

  • 2.5 Authentication and Authority Management (6)
  • 2.6 Access Control (7)
  • 2.7 Encryption Application (2)
  • 2.9 System and Service Operation Management (7)
  • 2.10 System and Service Security Management (9)
  • 2.11 Accident Prevention and Response (5)

Available in Korean language across all 5 clouds (AWS, GCP, Azure, Huawei & Alibaba Cloud).

Thailand BOT: The Bank of Thailand (BOT) is the financial regulator in Thailand and supervises commercial banks, finance companies, credit institutions, asset management companies, e-payment services, and credit card companies. These organizations must comply with its information security requirements to operate in Thailand. We have mapped the Bank of Thailand Notification No. SorNorChor. 11/2561 Re: Policies and Measures on Security of Information Technology Systems. The following sections in the notification are mapped:

  • Access Control and Authentication
  • Information Confidentiality and System Integrity
  • System Availability
  • Security Audit of Information Technology Systems

Available in English across all 5 clouds (AWS, GCP, Azure, Huawei & Alibaba Cloud).

Thailand OIC: The Office of Insurance Commission (OIC) supervises insurance companies operating in Thailand. We have mapped the following 2 OIC guidelines, along with the IT security section:

  • OIC Guidelines for Governance and Management for Information Technology Risk for Life Insurance Companies B.E. 2563 (2020)
  • OIC Guidelines for Governance and Management for Information Technology Risk for Non-Life Insurance Companies B.E. 2563 (2020)

Available in Thai language across all 5 clouds (AWS, GCP, Azure, Huawei & Alibaba Cloud).

How to set it up?

These new compliance standards are readily available to customers, across all 5 clouds, with no additional setup needed. We would be thrilled to hear from you about any requests, feedback, or suggestions. To make full use of the feature, you can contact our support team or refer to the user guide: https://support.horangi.com/en  

Conclusion

As organizations adopt a multi-cloud strategy, there is a greater need to look beyond native cloud security tools to solutions that provide holistic coverage across clouds. With these new compliance benchmarks added to Warden’s growing stack of resources, Warden is better equipped to provide excellent coverage for the big 5 cloud providers, with better compliance monitoring than ever before. Drop us a line here if you’re interested in a 15-minute, live demo of Warden.

Johnson Thiang

Johnson is an experienced security consultant specialized in conducting security assessments such as web/network/thick-client/mobile penetration testing as well as exploiting human weakness. He enjoys sports, robotics and anything related to technology in his free time. He holds the following certifications: (1) GIAC Penetration Tester (GPEN), (2) Offensive Security Certified Professional
