The European Security Certification Framework

Deliverables

Integration framework - Final documentation

update of D3.2, D3.3 and D3.4

TRA Methodology

This deliverable will include the description of the approach that will be followed for assessing the technology readiness of the EU-SEC solutions

Security and privacy requirements and controls

This deliverable will be a report that includes security and privacy requirements

Consolidation and analysis of the pilot results

This deliverable will analyse the principles, rules and mechanisms for the multiparty recognition framework and consolidate and summarise the results of the pilot conducted in T4.1, 4.2, 4.3 and 4.4.

Annual report on dissemination, standardisation and exploitation

The deliverable will be a document, updated on an annual basis, that reports on the assessment of the activities related to dissemination, standardisation and exploitation.

Pilot preparation report

This deliverable will report the results of task 5.1.

EU-SEC Framework Final Version

This deliverable will refine the content of D2.4 based on the input and feedback collected during the pilot phase.

EU-SEC Framework – First Version

This deliverable will integrate the components of the governance structure defined in D2.1, D2.2 and D2.3

Training and awareness plan

This deliverable includes the training and awareness plan that will support the market uptake of the results of the EU-SEC project. The plan will include trainings, educational activities (e.g. workshops, webinars, booklet, events) and education material (e.g. guidelines, white papers, etc.) addressed to the target audience.

Architecture and tools for evidence storage V1

This deliverable describes the design of and implements trustworthy storage and management of evidence.

Multiparty recognition framework for cloud security certifications

This deliverable will include the governance structure of the EU-SEC Framework, including the governance bodies, their roles and responsibilities, the rules and mechanisms for the establishment of a multiparty recognition schema.

Technical report on pilot integration for provider selection and continuous certification

This deliverable will describe the activities conducted in the context of task 5.2

Principles, criteria and requirements for a multiparty recognition and continuous monitoring based certifications

This deliverable will be a report that defines the principles, criteria and requirements for a multiparty recognition scheme and continuous-auditing-based certification.

Privacy Code of Conduct

This deliverable will include the governance of the Privacy Code of Conduct.

Continuous Auditing / Monitoring certification scheme

This deliverable will include the certification scheme and governance structure for the continuous monitoring / auditing-based certification.

Architecture for security controls V1

This deliverable consists of documentation and description of methods and tools to manage security controls for cloud services

Architecture and tools for auditing V1

In this deliverable, the approach to unified configuration of existing security audit tools will be described and implemented.

Auditing and assessment requirements

This deliverable will be a report that includes auditing requirements

Integration framework V1

In this deliverable, the approach to determining the maturity of existing security audit tools for cloud services will be described and implemented. Furthermore, a methodology to seamlessly integrate existing tools into cloud services certification systems will be detailed and demonstrated.

Requirements and validation criteria – Pilot results

This deliverable will consolidate and summarise the results of the pilot as described in T5.3.

Final annual report on dissemination, standardisation and exploitation

This deliverable is an update of D6.3 and D6.4.

Website and Dissemination and Standardisation Plan

This deliverable includes the project’s website and the dissemination plan guiding WP6’s communication activities for maximizing the value proposition and market uptake by sharing the project’s results with relevant target audiences. The first version of the standardization strategy (including a survey of related standards/best practices) will also be documented in this report.

Exploitation Plan

This deliverable presents the first exploitation plan guiding WP6’s activities in terms of the long-term sustainability of the certification framework and its components, which shall enable auditors and ICT companies to exploit the project’s results for their business.

Publications

Neue Wege in der IT-Sicherheitszertifizierung von Cloud-Infrastrukturen: Beitrag auf der Internetseite OBJEKTspektrum, Online Themenspecial "Cloud Computing - Dynamische IT-Leistung aus der Wolke" (https://www.sigs-datacom.de/)

Author(s): Großmann, Jürgen; Knoblauch, Dorian
Published in: Fraunhofer FOKUS, Issue 3, 2019

EU-SEC pilot use case, from ISO 27001 to ISO 27017

Author(s): Anton Ujčič, Bojan Pohar
Published in: IJU 2018 Informatics in Public Administration, 2018

Cloud Provider Continuous Assurance: EU SEC Framework for Continuous Assurance in the Cloud

Author(s): Dorian Knoblauch, Jim de Haas
Published in: ISSA Journal Oct 2019, Issue Volume 17 Issue 10, 2019

A Process Model to Support Continuous Certification of Cloud Services

Author(s): Immanuel Kunz, Philipp Stephanow
Published in: 2017 IEEE 31st International Conference on Advanced Information Networking and Applications (AINA), 2017, Page(s) 986-993
DOI: 10.1109/AINA.2017.106

Towards Continuous Security Certification of Software-as-a-Service Applications Using Web Application Testing Techniques

Author(s): Philipp Stephanow, Koosha Khajehmoogahi
Published in: 2017 IEEE 31st International Conference on Advanced Information Networking and Applications (AINA), 2017, Page(s) 931-938
DOI: 10.1109/AINA.2017.107

Continuous Location Validation of Cloud Service Components

Author(s): Philipp Stephanow, Mohammad Moein, Christian Banse
Published in: 2017 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), 2017, Page(s) 255-262
DOI: 10.1109/cloudcom.2017.29

Reducing Implementation Efforts in Continuous Auditing Certification Via an Audit API

Author(s): Dorian Knoblauch, Christian Banse
Published in: 2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), 2019, Page(s) 88-92
DOI: 10.1109/wetice.2019.00025

Evaluating the Performance of Continuous Test-Based Cloud Service Certification

Author(s): Philipp Stephanow, Christian Banse
Published in: 2017 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID), 2017, Page(s) 1117-1126
DOI: 10.1109/ccgrid.2017.134

Semiautomatizované porovnávanie certifikačných schém cloudových služieb




Development of the new EU-SEC certification framework for cloud computer services

Author(s): Anton Ujčič, Bojan Pohar
Published in: DSI 2018 Days of Slovenian Informatics, 2018

The European Security Certification Framework EU-ESC

Author(s): Anton Ujčič, Darja Lihteneger
Published in: IJU 2017 Informatics in Public administration, 2017

Europäisches Rahmenwerk für Continuous Auditing based Certification

Author(s): Dorian Knoblauch, Jürgen Großmann, Linda Strick, Alain Pannetrat
Published in: IT-Sicherheit als Voraussetzung für eine erfolgreiche Digitalisierung, 2019

EU-SEC helpt auditors

Author(s): André Koot
Published in: de IT-Auditor, Issue IT Auditor 2-2019, 2019

Towards Automatic Comparison of Cloud Service Security Certifications

Author(s): Martin Labaj, Karol Rástočný, Daniela Chudá
Published in: SOFSEM 2019: Theory and Practice of Computer Science - 45th International Conference on Current Trends in Theory and Practice of Computer Science, Nový Smokovec, Slovakia, January 27-30, 2019, Proceedings, Issue 11376, 2019, Page(s) 298-309
DOI: 10.1007/978-3-030-10801-4_24