EMERALD | Evidence Management for Continuous Certification as a Service in the Cloud

Summary
Cloud-based services have grown from basic computing services to complex ecosystems, comprising (virtual) infrastructure, business processes and application code. These advanced services also increasingly leverage the usage of Artificial Intelligence, including Machine Learning or Natural Language Processing techniques, raising the complexity even higher. Due to the cascade of dependencies among the different products and services, the need arose to bring more agility to the certification process of cloud-based services, e.g., using continuous monitoring and assessment, as evidenced by references to it in the certifications of the EU Cybersecurity Act (EU CSA). To transform the continuous assessment and certification concept into the complete realization of a Certification-as-a-Service (CaaS), several challenges need to be solved: 1) current proposed proofs of concepts for continuous monitoring lack interoperability at technology level, 2) the adoption of cloud and edge computing and the incorporation of regulations on specific topics or domains, such as AI, put significant strain on companies to comply with a multitude of different security schemes, 3) existing market fragmentation for continuous certification (scope, methodologies), hinder transparency and accountability in the provision of European cloud services, 4),smart tools and models need to be adopted to ease the agile application and implementation of the CaaS concept reducing complexity in the whole cloud certification value chain easing the adoption of CaaS by the different stakeholders. To overcome these challenges, the design and implementation of the EMERALD CaaS solution leverages the H2020 project MEDINA’s outcomes and advances them to TRL 7 in the EMERALD core. Two PoCs will be provided; one for composite certification and one for mapping requirements to upcoming AI certification schemes. EMERALD will pave the road towards CaaS for continuous certification of harmonized cybersecurity schemes.
Unfold all
/
Fold all
More information & hyperlinks
Web resources: https://cordis.europa.eu/project/id/101120688
Start date: 01-11-2023
End date: 31-10-2026
Total budget - Public funding: 5 498 900,00 Euro - 4 736 427,00 Euro
Cordis data

Original description

Cloud-based services have grown from basic computing services to complex ecosystems, comprising (virtual) infrastructure, business processes and application code. These advanced services also increasingly leverage the usage of Artificial Intelligence, including Machine Learning or Natural Language Processing techniques, raising the complexity even higher. Due to the cascade of dependencies among the different products and services, the need arose to bring more agility to the certification process of cloud-based services, e.g., using continuous monitoring and assessment, as evidenced by references to it in the certifications of the EU Cybersecurity Act (EU CSA). To transform the continuous assessment and certification concept into the complete realization of a Certification-as-a-Service (CaaS), several challenges need to be solved: 1) current proposed proofs of concepts for continuous monitoring lack interoperability at technology level, 2) the adoption of cloud and edge computing and the incorporation of regulations on specific topics or domains, such as AI, put significant strain on companies to comply with a multitude of different security schemes, 3) existing market fragmentation for continuous certification (scope, methodologies), hinder transparency and accountability in the provision of European cloud services, 4),smart tools and models need to be adopted to ease the agile application and implementation of the CaaS concept reducing complexity in the whole cloud certification value chain easing the adoption of CaaS by the different stakeholders. To overcome these challenges, the design and implementation of the EMERALD CaaS solution leverages the H2020 project MEDINA’s outcomes and advances them to TRL 7 in the EMERALD core. Two PoCs will be provided; one for composite certification and one for mapping requirements to upcoming AI certification schemes. EMERALD will pave the road towards CaaS for continuous certification of harmonized cybersecurity schemes.

Status

SIGNED

Call topic

HORIZON-CL3-2022-CS-01-04

Update Date

31-07-2023
Images
No images available.
Geographical location(s)
Structured mapping
Unfold all
/
Fold all
Horizon Europe
HORIZON.2 Global Challenges and European Industrial Competitiveness
HORIZON.2.3 Civil Security for Society
HORIZON.2.3.0 Cross-cutting call topics
HORIZON-CL3-2022-CS-01
HORIZON-CL3-2022-CS-01-04 Development and validation of processes and tools used for agile certification of ICT products, ICT services and ICT processes
HORIZON.2.3.3 Cybersecurity
HORIZON-CL3-2022-CS-01
HORIZON-CL3-2022-CS-01-04 Development and validation of processes and tools used for agile certification of ICT products, ICT services and ICT processes