RT Journal Article
T1 MEDINA Catalogue of Cloud Security controls and metrics: 												Towards Continuous Cloud Security compliance
A1 Martinez, Cristina
A1 Etxaniz, Iñaki
A1 Molinuevo, Alberto
A1 Alonso, Juncal
AB In order to address current challenges on security certification of European ICT products, processes and services, the European Comission, through ENISA (European Union Agency for Cybersecurity), has developed the European Cybersecurity Certification Scheme for Cloud Services (EUCS). This paper presents the overview of the H2020 MEDINA project approach and tools to support the adoption of EUCS and offers a detailed description of one of the core components of the framework, the MEDINA Catalogue of Controls and Metrics. The main objective of the MEDINA Catalogue is to provide automated functionalities for CSPs’ compliance managers and auditors to ease the certification process towards EUCS, through the provision of all information and guidance related to the scheme, namely categories, controls, security requirements, assurance levels, etc. The tool has been enhanced with all the research and implementation works performed in MEDINA, such as definition of compliance metrics, suggestion of related implementation guidelines, alignment of similar controls in other schemes, and a set of self-assessment questionnaires, which are presented and discussed in this paper.
SN 2732-5121
YR 2024
FD 2024
LK https://hdl.handle.net/11556/4760
UL https://hdl.handle.net/11556/4760
LA eng
NO Martinez , C , Etxaniz , I , Molinuevo , A & Alonso , J 2024 , ' MEDINA Catalogue of Cloud Security controls and metrics : Towards Continuous Cloud Security compliance ' , Open Research Europe , vol. 4 , 90 . https://doi.org/10.12688/openreseurope.16669.1
NO Publisher Copyright: Copyright: © 2024 Martinez C et al.
DS TECNALIA Publications
RD 28 sept 2024