TY - JOUR
T1 - MEDINA Catalogue of Cloud Security controls and metrics
T2 - Towards Continuous Cloud Security compliance
AU - Martinez, Cristina
AU - Etxaniz, Iñaki
AU - Molinuevo, Alberto
AU - Alonso, Juncal
N1 - Publisher Copyright:
Copyright: © 2024 Martinez C et al.
PY - 2024
Y1 - 2024
AB - In order to address current challenges on security certification of European ICT products, processes and services, the European Commission, through ENISA (European Union Agency for Cybersecurity), has developed the European Cybersecurity Certification Scheme for Cloud Services (EUCS). This paper presents the overview of the H2020 MEDINA project approach and tools to support the adoption of EUCS and offers a detailed description of one of the core components of the framework, the MEDINA Catalogue of Controls and Metrics. The main objective of the MEDINA Catalogue is to provide automated functionalities for CSPs’ compliance managers and auditors to ease the certification process towards EUCS, through the provision of all information and guidance related to the scheme, namely categories, controls, security requirements, assurance levels, etc. The tool has been enhanced with all the research and implementation works performed in MEDINA, such as definition of compliance metrics, suggestion of related implementation guidelines, alignment of similar controls in other schemes, and a set of self-assessment questionnaires, which are presented and discussed in this paper.
KW - Cloud Certification
KW - Continuous Compliance
KW - Cyber-security
KW - Cyber-security Act
KW - EUCS
UR - http://www.scopus.com/inward/record.url?scp=85198078892&partnerID=8YFLogxK
U2 - 10.12688/openreseurope.16669.1
DO - 10.12688/openreseurope.16669.1
M3 - Article
AN - SCOPUS:85198078892
SN - 2732-5121
VL - 4
JO - Open Research Europe
JF - Open Research Europe
M1 - 90
ER -