MEDINA Catalogue of Cloud Security controls and metrics: Towards Continuous Cloud Security compliance

Cristina Martinez*, Iñaki Etxaniz*, Alberto Molinuevo*, Juncal Alonso*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

In order to address current challenges on security certification of European ICT products, processes and services, the European Comission, through ENISA (European Union Agency for Cybersecurity), has developed the European Cybersecurity Certification Scheme for Cloud Services (EUCS). This paper presents the overview of the H2020 MEDINA project approach and tools to support the adoption of EUCS and offers a detailed description of one of the core components of the framework, the MEDINA Catalogue of Controls and Metrics. The main objective of the MEDINA Catalogue is to provide automated functionalities for CSPs’ compliance managers and auditors to ease the certification process towards EUCS, through the provision of all information and guidance related to the scheme, namely categories, controls, security requirements, assurance levels, etc. The tool has been enhanced with all the research and implementation works performed in MEDINA, such as definition of compliance metrics, suggestion of related implementation guidelines, alignment of similar controls in other schemes, and a set of self-assessment questionnaires, which are presented and discussed in this paper.

Original languageEnglish
Article number90
JournalOpen Research Europe
Volume4
DOIs
Publication statusPublished - 2024

Keywords

  • Cloud Certification
  • Continuous Compliance
  • Cyber-security
  • Cyber-security Act
  • EUCS

Fingerprint

Dive into the research topics of 'MEDINA Catalogue of Cloud Security controls and metrics: Towards Continuous Cloud Security compliance'. Together they form a unique fingerprint.

Cite this