The overarching goal of the CUSTODES project is to build an integrated Composite Inspection and Certification (CIC) System, that can support ICT products, services or processes over their entire life cycle, from early development to commercialisation, update and maintenance. This CIC platform will act as a bridge between the two main stakeholders of the certification ecosystem: the manufacturer or vendor of the product on one hand, and on the other hand the assessor who performs the conformity assessment. Consequently, the platform presents two main facets, the risk-based protection profile generation (used mostly by the vendor), and the composite conformity assessment process (used mostly by the assessor). A third complementary pillar of the project is information sharing and re-use, to enable and promote a more collaborative certification process, more efficient and less costly, improving the cybersecurity posture of the European industry.
Individual features of the CUSTODES platform naturally overlap with tools targeted specifically at either the vendor or the assessor (risk management, continuous development and integration, security compliance tools, etc.), but the unique value proposition of our project is to facilitate interactions between these stakeholders, notably with a dedicated trusted execution environment that can offer strong confidentiality and traceability guarantees to both parties, cryptographically enforced.