SlideShare ist ein Scribd-Unternehmen logo

MEDINA ESG (Expert Stakeholder Group) presentation

MEDINA
MEDINA

Presentation of the MEDINA project at the ESG meeting (3rd May 2022)

Internet
1 von 23
Downloaden Sie, um offline zu lesen
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 952633 MEDINA: Expert Stakeholder Group Meeting Cristina Martinez Martinez (Tecnalia, Spain) Jesus Luna Garcia (Robert Bosch GmbH, Germany)
Agenda 16:00-16:10 Welcome 16:10 – 16:35 MEDINA In a Nutshell 16:35 – 17:25 Selected Topics  Demo 1 – SATRA (25 mins)  Demo 2 – AMOE (25 mins) 17:25 – 17:35 Next Steps 17:35 – 18:00 Open Discussion 5/4/2022 MEDINA ESG Meeting
Welcome Brief Introduction of Participants 5/4/2022 MEDINA ESG Meeting
ESG Members 5/4/2022 MEDINA ESG Meeting Name Affiliation Country Andreas Weiss GAIA-X Germany Clemens Doubrava / Patrick Grete BSI Germany Eric Vetillard ENISA Greece Jim de Haas ABN Amro Netherlands Machiel Bolhuis Oracle / CEN CENELEC Netherlands Meghan Hester GRC Expert US Michaela Iorga U.S. NIST US Roberto Cascella ECSO Italy Ronit Reger Microsoft Azure US Thomas Niessen GAIA-X Germany Volkmar Lotz SAP Research France
MEDINA in a Nutshell Recap / Progress After 18 Months 5/4/2022 MEDINA ESG Meeting
MEDINA Project Objective 5/4/2022 Provide a holistic framework that enhances cloud customers’ control and trust in consumed cloud services, by supporting CSPs (IaaS, PaaS and SaaS providers) towards the successful achievement of a continuous certification aligned to the EU Cybersecurity Certification Scheme for Cloud Services (EUCS). MEDINA ESG Meeting
EU Cybersecurity Act The EU Cybersecurity Act (EUCSA, April-2019), proposes the creation of EU-wide cybersecurity certification schemes in order to:  provide an EU-wide cybersecurity baseline (requirements, audit methods)  enable customers to make risk-based decisions about cybersecurity  enable continuous cybersecurity compliance Two EUCSA-derived certification schemes are under preparation:  EUCC – Cybersecurity Certification Scheme for Common Criteria  EUCS - Cybersecurity Certification Scheme for Cloud Services MEDINA ESG Meeting
EUCS at a glance – Continuous Monitoring Source: https://www.enisa.europa.eu/publications/eucs-cloud-service-scheme MEDINA ESG Meeting
Bridging the Gap MEDINA ESG Meeting 5/4/2022
MEDINA At a Glance 1st November 2020 – 30th October 2023 EU Budget 4,480,308.75€ 5/4/2022 MEDINA ESG Meeting
Paving the Road for EUCS- Continuous Existing Certifications Approach in MEDINA Assurance based on point-in-time assessments Continuous audit-based certification. Tamper-proof evidence stored in DLT. Mostly manual/time consuming assessment processes NLP to ease assessment of organizational measures. OSCAL automation for CSP-agnostic assessments. Lack of transparency in cloud security posture Role-based visualizations provide different levels of granularity and assurance for EUCS certificates. High customization effort in commercial CSPM tools (Cloud Security Posture Management) Automated generation of compliance assessment rules based derived from EUCS catalogue. 5/4/2022 MEDINA ESG Meeting
High-level Building Blocks 5/4/2022 MEDINA ESG Meeting
MEDINA After 18 Months Work Package Keywords Highlights at M18 WP2 Security controls framework, metrics, risk management, NLP Initial prototypes, draft catalogue of metrics, NLP leverage, OSCAL experimentation WP3 Evidence management, organizational measures Initial prototypes available, NLP for assessing organizational measures, DLT deployment WP4 Certificate lifecycle management, operational effectiveness, dynamic risk assessment Initial prototypes available, SSI leverage for CAB WP5 Integrated architecture, toolset, development/testing Initial integrated tools / UI available, overall architecture and workflows in draft WP6 Validation use cases, real-world experimentation, multicloud Initial deployments at Fabasoft/Bosch, NLP testing real organizational measures, validation methodology WP7 Exploitation, communication/dissemination, standardization Engagement with exploitation “booster” (HRB), participation in relevant events, standardization roadmap 5/4/2022 MEDINA ESG Meeting
Generic MEDINA Workflows 5/4/2022 MEDINA ESG Meeting Workflow Comment Other/Dependency WF1 - Preparation of Target of Certification (ToC) Setup, configure and deploy the cloud service to certify (ToC) on top of the chosen hyperscaler(s). This process includes configuring the underlying PaaS/IaaS. Prerequisite CSP Responsibility Dependencies: None WF2 - Preparation of MEDINA components Setup, configure and deploy the MEDINA components. Only related to those components under the responsibility of the CSP. Prerequisite CSP Responsibility Dependencies: WF1 WF3 - EUCS deployment on ToC Setup, configure and deploy the corresponding EUCS framework (for the chosen assurance level basic/substantial/high) on the ToC. Prerequisite CSP Responsibility Dependencies: WF1, WF2 WF4 - EUCS Preparedness – ToC Self Assessment Self-assess preparedness for EUCS certification based on the chosen assurance level. This is a risk-based approach. Optional workflow CSP Responsibility Dependencies: WF1, WF2, WF3 WF5 - EUCS – compliance assessment Performs a point-in-time (discrete) EUCS compliance assessment for the ToC. When such discrete assessment is periodically executed, then we achieve the MEDINA notion of “continuous”. Mandatory workflow CAB Responsibility Dependencies: WF1, WF2, WF3 WF6 - EUCS – maintenance of ToC certificate Start certificate maintenance life-cycle for the ToC. Based on current EUCS, the maintenance process comprises the following stages: (issuance), renewal, continuation, update, re-issuance (new certificate), withdrawal, suspension. Mandatory workflow CAB, CSP Responsibility Dependencies: WF1, WF2, WF3, WF5 WF7 - EUCS –report on ToC certificate Reports on EUCS certificate status for a ToC. The report can be obtained by the CAB and the CSP, in which case the level of provided details might vary. Optional workflow CAB, NCCA, CSP Responsibility Dependencies: WF1, WF2, WF3, WF5, WF6
Selected MEDINA Topics The potential of MEDINA 5/4/2022 MEDINA ESG Meeting
Demonstrators SATRA (Self-Assessment Tool for Risk Analysis)  Artsiom Yautsiukhin (CNR) AMOE (Assessment and Management of Organizational evidences)  Franz Berger (Fabasoft) 5/4/2022 MEDINA ESG Meeting
Next Steps 5/4/2022 MEDINA ESG Meeting
Summary and Next Steps MEDINA aims to facilitate the adoption of EUCS, specifically for automated monitoring, while paving the road for continuous certification. What comes next?  Full MEDINA validation with Fabasoft and Bosch  Scalability to different CSPs and Certification Schemes is underway  Plan for exploitation and sustainability of results  Execution of standardization roadmap 5/4/2022 MEDINA ESG Meeting
Standardization Roadmap 5/4/2022 MEDINA ESG Meeting
Summary and Next Steps We appreciate your expert feedback!  General aspects of MEDINA  Tools & validation  Dissemination & standardization activities Of course, please feel free to reach us for in-depth technical discussions! 5/4/2022 MEDINA ESG Meeting
Open Discussion Moderated by: Mika Leskinen (Nixu) 5/4/2022 MEDINA ESG Meeting
MEDINA – Further Reading Further details are available in our public reporting (deliverables) at https://medina- project.eu/public-delivera Communication materials are available at https://medina- project.eu/communication- materials 5/4/2022 MEDINA ESG Meeting
Thank you! www.medina-project.eu // jesus.lunagarcia@de.bosch.com

Empfohlen

First Impressions on Experimenting with Automated Monitoring Requirements of ...
First Impressions on Experimenting with Automated Monitoring Requirements of ...First Impressions on Experimenting with Automated Monitoring Requirements of ...
First Impressions on Experimenting with Automated Monitoring Requirements of ...MEDINA
 
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...MEDINA
 
MEDINA project brochure 2021
MEDINA project brochure 2021MEDINA project brochure 2021
MEDINA project brochure 2021MEDINA
 
Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Javier Tallón
 
MEDINA General Presentation
MEDINA General PresentationMEDINA General Presentation
MEDINA General PresentationMEDINA
 
MEDINA Brochure 2022.pdf
MEDINA Brochure 2022.pdfMEDINA Brochure 2022.pdf
MEDINA Brochure 2022.pdfMEDINA
 
Applying iso14971 iec62304 iec62366 1 a practical guide on how to implement...
Applying iso14971 iec62304 iec62366 1 a practical guide on how to implement...Applying iso14971 iec62304 iec62366 1 a practical guide on how to implement...
Applying iso14971 iec62304 iec62366 1 a practical guide on how to implement...GlobalCompliancePanel
 
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSDay2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSMaitena Ilardia
 

Empfohlen

First Impressions on Experimenting with Automated Monitoring Requirements of ...
First Impressions on Experimenting with Automated Monitoring Requirements of ...First Impressions on Experimenting with Automated Monitoring Requirements of ...
First Impressions on Experimenting with Automated Monitoring Requirements of ...MEDINA
 
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...MEDINA
 
MEDINA project brochure 2021
MEDINA project brochure 2021MEDINA project brochure 2021
MEDINA project brochure 2021MEDINA
 
Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Cross standard and scheme composition - A needed cornerstone for the European...
Cross standard and scheme composition - A needed cornerstone for the European...Javier Tallón
 
MEDINA General Presentation
MEDINA General PresentationMEDINA General Presentation
MEDINA General PresentationMEDINA
 
MEDINA Brochure 2022.pdf
MEDINA Brochure 2022.pdfMEDINA Brochure 2022.pdf
MEDINA Brochure 2022.pdfMEDINA
 
Applying iso14971 iec62304 iec62366 1 a practical guide on how to implement...
Applying iso14971 iec62304 iec62366 1 a practical guide on how to implement...Applying iso14971 iec62304 iec62366 1 a practical guide on how to implement...
Applying iso14971 iec62304 iec62366 1 a practical guide on how to implement...GlobalCompliancePanel
 
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSDay2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSMaitena Ilardia
 
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSDay2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSMEDINA
 
Testing ADAS & Self Driving Cars
Testing ADAS & Self Driving CarsTesting ADAS & Self Driving Cars
Testing ADAS & Self Driving CarsAutomotive IQ
 
ApApplying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Imple...
ApApplying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Imple...ApApplying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Imple...
ApApplying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Imple...GlobalCompliancePanel
 
Automation-based Certification for Cloud Services in Euro
Automation-based Certification for Cloud Services in EuroAutomation-based Certification for Cloud Services in Euro
Automation-based Certification for Cloud Services in EuroMEDINA
 
Applying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Impleme...
Applying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Impleme...Applying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Impleme...
Applying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Impleme...GlobalCompliancePanel
 
The Demonstrator Principle
The Demonstrator PrincipleThe Demonstrator Principle
The Demonstrator PrincipleBart Kusse
 
Introduction to the CWA process - CRISP Final Conference
Introduction to the CWA process - CRISP Final Conference Introduction to the CWA process - CRISP Final Conference
Introduction to the CWA process - CRISP Final Conference CRISP Project
 
CRISP project: overview of findings and lessons learned.
CRISP project: overview of findings and lessons learned.CRISP project: overview of findings and lessons learned.
CRISP project: overview of findings and lessons learned.Trilateral Research
 
Applying iso-san-diego-ca
Applying iso-san-diego-caApplying iso-san-diego-ca
Applying iso-san-diego-caGlobalCompliancePanel
 
SOTIF Conference 2019 - APTIV, Toyota, Delphi Tech, Texas Instruments
SOTIF Conference 2019 - APTIV, Toyota, Delphi Tech, Texas InstrumentsSOTIF Conference 2019 - APTIV, Toyota, Delphi Tech, Texas Instruments
SOTIF Conference 2019 - APTIV, Toyota, Delphi Tech, Texas InstrumentsTorben Haagh
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
MEDINA brochure 2023
MEDINA brochure 2023MEDINA brochure 2023
MEDINA brochure 2023MEDINA
 
ISO 29110 Software Quality Model For Software SMEs
ISO 29110 Software Quality Model For Software SMEsISO 29110 Software Quality Model For Software SMEs
ISO 29110 Software Quality Model For Software SMEsMoutasm Tamimi
 
Medina general presentation
Medina general presentationMedina general presentation
Medina general presentationMEDINA
 
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...MEDINA
 
ISO26262 Conference 2019
ISO26262 Conference 2019ISO26262 Conference 2019
ISO26262 Conference 2019Torben Haagh
 
Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report fcleary
 
Mohamed thalha senior mes consultant Resume
Mohamed thalha senior mes consultant ResumeMohamed thalha senior mes consultant Resume
Mohamed thalha senior mes consultant ResumeMohamed Thalha
 
Report lca tools for sustainable procurement final 20100331
Report lca tools for sustainable procurement final 20100331Report lca tools for sustainable procurement final 20100331
Report lca tools for sustainable procurement final 20100331Berend Aanraad
 
Smarter Manufacturing Sustainable Futures 4 FLEXINET project IT Perspective
Smarter Manufacturing Sustainable Futures 4 FLEXINET project IT PerspectiveSmarter Manufacturing Sustainable Futures 4 FLEXINET project IT Perspective
Smarter Manufacturing Sustainable Futures 4 FLEXINET project IT PerspectiveFLEXINET-PROJECT
 
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...MEDINA
 
Whitepaper MEDINA Metric Recommender NLP
Whitepaper MEDINA Metric Recommender NLPWhitepaper MEDINA Metric Recommender NLP
Whitepaper MEDINA Metric Recommender NLPMEDINA
 

Weitere ähnliche Inhalte

Ähnlich wie MEDINA ESG (Expert Stakeholder Group) presentation

Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSDay2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSMEDINA
 
Testing ADAS & Self Driving Cars
Testing ADAS & Self Driving CarsTesting ADAS & Self Driving Cars
Testing ADAS & Self Driving CarsAutomotive IQ
 
ApApplying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Imple...
ApApplying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Imple...ApApplying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Imple...
ApApplying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Imple...GlobalCompliancePanel
 
Automation-based Certification for Cloud Services in Euro
Automation-based Certification for Cloud Services in EuroAutomation-based Certification for Cloud Services in Euro
Automation-based Certification for Cloud Services in EuroMEDINA
 
Applying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Impleme...
Applying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Impleme...Applying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Impleme...
Applying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Impleme...GlobalCompliancePanel
 
The Demonstrator Principle
The Demonstrator PrincipleThe Demonstrator Principle
The Demonstrator PrincipleBart Kusse
 
Introduction to the CWA process - CRISP Final Conference
Introduction to the CWA process - CRISP Final Conference Introduction to the CWA process - CRISP Final Conference
Introduction to the CWA process - CRISP Final Conference CRISP Project
 
CRISP project: overview of findings and lessons learned.
CRISP project: overview of findings and lessons learned.CRISP project: overview of findings and lessons learned.
CRISP project: overview of findings and lessons learned.Trilateral Research
 
SOTIF Conference 2019 - APTIV, Toyota, Delphi Tech, Texas Instruments
SOTIF Conference 2019 - APTIV, Toyota, Delphi Tech, Texas InstrumentsSOTIF Conference 2019 - APTIV, Toyota, Delphi Tech, Texas Instruments
SOTIF Conference 2019 - APTIV, Toyota, Delphi Tech, Texas InstrumentsTorben Haagh
 
MEDINA brochure 2023
MEDINA brochure 2023MEDINA brochure 2023
MEDINA brochure 2023MEDINA
 
ISO 29110 Software Quality Model For Software SMEs
ISO 29110 Software Quality Model For Software SMEsISO 29110 Software Quality Model For Software SMEs
ISO 29110 Software Quality Model For Software SMEsMoutasm Tamimi
 
Medina general presentation
Medina general presentationMedina general presentation
Medina general presentationMEDINA
 
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...MEDINA
 
ISO26262 Conference 2019
ISO26262 Conference 2019ISO26262 Conference 2019
ISO26262 Conference 2019Torben Haagh
 
Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report fcleary
 
Mohamed thalha senior mes consultant Resume
Mohamed thalha senior mes consultant ResumeMohamed thalha senior mes consultant Resume
Mohamed thalha senior mes consultant ResumeMohamed Thalha
 
Report lca tools for sustainable procurement final 20100331
Report lca tools for sustainable procurement final 20100331Report lca tools for sustainable procurement final 20100331
Report lca tools for sustainable procurement final 20100331Berend Aanraad
 
Smarter Manufacturing Sustainable Futures 4 FLEXINET project IT Perspective
Smarter Manufacturing Sustainable Futures 4 FLEXINET project IT PerspectiveSmarter Manufacturing Sustainable Futures 4 FLEXINET project IT Perspective
Smarter Manufacturing Sustainable Futures 4 FLEXINET project IT PerspectiveFLEXINET-PROJECT
 

Ähnlich wie MEDINA ESG (Expert Stakeholder Group) presentation (20)

Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCSDay2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
 
Testing ADAS & Self Driving Cars
Testing ADAS & Self Driving CarsTesting ADAS & Self Driving Cars
Testing ADAS & Self Driving Cars
 
ApApplying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Imple...
ApApplying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Imple...ApApplying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Imple...
ApApplying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Imple...
 
Automation-based Certification for Cloud Services in Euro
Automation-based Certification for Cloud Services in EuroAutomation-based Certification for Cloud Services in Euro
Automation-based Certification for Cloud Services in Euro
 
Applying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Impleme...
Applying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Impleme...Applying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Impleme...
Applying ISO14971 / IEC62304 / IEC62366-1 A Practical Guide On How To Impleme...
 
The Demonstrator Principle
The Demonstrator PrincipleThe Demonstrator Principle
The Demonstrator Principle
 
Introduction to the CWA process - CRISP Final Conference
Introduction to the CWA process - CRISP Final Conference Introduction to the CWA process - CRISP Final Conference
Introduction to the CWA process - CRISP Final Conference
 
CRISP project: overview of findings and lessons learned.
CRISP project: overview of findings and lessons learned.CRISP project: overview of findings and lessons learned.
CRISP project: overview of findings and lessons learned.
 
Applying iso-san-diego-ca
Applying iso-san-diego-caApplying iso-san-diego-ca
Applying iso-san-diego-ca
 
SOTIF Conference 2019 - APTIV, Toyota, Delphi Tech, Texas Instruments
SOTIF Conference 2019 - APTIV, Toyota, Delphi Tech, Texas InstrumentsSOTIF Conference 2019 - APTIV, Toyota, Delphi Tech, Texas Instruments
SOTIF Conference 2019 - APTIV, Toyota, Delphi Tech, Texas Instruments
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
 
MEDINA brochure 2023
MEDINA brochure 2023MEDINA brochure 2023
MEDINA brochure 2023
 
ISO 29110 Software Quality Model For Software SMEs
ISO 29110 Software Quality Model For Software SMEsISO 29110 Software Quality Model For Software SMEs
ISO 29110 Software Quality Model For Software SMEs
 
Medina general presentation
Medina general presentationMedina general presentation
Medina general presentation
 
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...
 
ISO26262 Conference 2019
ISO26262 Conference 2019ISO26262 Conference 2019
ISO26262 Conference 2019
 
Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report
 
Mohamed thalha senior mes consultant Resume
Mohamed thalha senior mes consultant ResumeMohamed thalha senior mes consultant Resume
Mohamed thalha senior mes consultant Resume
 
Report lca tools for sustainable procurement final 20100331
Report lca tools for sustainable procurement final 20100331Report lca tools for sustainable procurement final 20100331
Report lca tools for sustainable procurement final 20100331
 
Smarter Manufacturing Sustainable Futures 4 FLEXINET project IT Perspective
Smarter Manufacturing Sustainable Futures 4 FLEXINET project IT PerspectiveSmarter Manufacturing Sustainable Futures 4 FLEXINET project IT Perspective
Smarter Manufacturing Sustainable Futures 4 FLEXINET project IT Perspective
 

Mehr von MEDINA

Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...MEDINA
 
Whitepaper MEDINA Metric Recommender NLP
Whitepaper MEDINA Metric Recommender NLPWhitepaper MEDINA Metric Recommender NLP
Whitepaper MEDINA Metric Recommender NLPMEDINA
 
Whitepaper MEDINA CNL
Whitepaper MEDINA CNLWhitepaper MEDINA CNL
Whitepaper MEDINA CNLMEDINA
 
Whitepaper EUROSCAL MEDINA
Whitepaper EUROSCAL MEDINAWhitepaper EUROSCAL MEDINA
Whitepaper EUROSCAL MEDINAMEDINA
 
Assessing the Trustworthiness of AI Systems
Assessing the Trustworthiness of AI SystemsAssessing the Trustworthiness of AI Systems
Assessing the Trustworthiness of AI SystemsMEDINA
 
MEDINA: Standardization to enable continuous cloud cybersecurity certification
MEDINA: Standardization to enable continuous cloud cybersecurity certificationMEDINA: Standardization to enable continuous cloud cybersecurity certification
MEDINA: Standardization to enable continuous cloud cybersecurity certificationMEDINA
 
Paving the road towards continuous auditbased certification for cloud service...
Paving the road towards continuous auditbased certification for cloud service...Paving the road towards continuous auditbased certification for cloud service...
Paving the road towards continuous auditbased certification for cloud service...MEDINA
 
MEDINA - towards continuous (automated) certification of cloud services in Eu...
MEDINA - towards continuous (automated) certification of cloud services in Eu...MEDINA - towards continuous (automated) certification of cloud services in Eu...
MEDINA - towards continuous (automated) certification of cloud services in Eu...MEDINA
 
Whitepaper MEDINA Architecture
Whitepaper MEDINA ArchitectureWhitepaper MEDINA Architecture
Whitepaper MEDINA ArchitectureMEDINA
 
Medina general presentation
Medina general presentationMedina general presentation
Medina general presentationMEDINA
 
Medina general presentation
Medina general presentationMedina general presentation
Medina general presentationMEDINA
 

Mehr von MEDINA (11)

Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
 
Whitepaper MEDINA Metric Recommender NLP
Whitepaper MEDINA Metric Recommender NLPWhitepaper MEDINA Metric Recommender NLP
Whitepaper MEDINA Metric Recommender NLP
 
Whitepaper MEDINA CNL
Whitepaper MEDINA CNLWhitepaper MEDINA CNL
Whitepaper MEDINA CNL
 
Whitepaper EUROSCAL MEDINA
Whitepaper EUROSCAL MEDINAWhitepaper EUROSCAL MEDINA
Whitepaper EUROSCAL MEDINA
 
Assessing the Trustworthiness of AI Systems
Assessing the Trustworthiness of AI SystemsAssessing the Trustworthiness of AI Systems
Assessing the Trustworthiness of AI Systems
 
MEDINA: Standardization to enable continuous cloud cybersecurity certification
MEDINA: Standardization to enable continuous cloud cybersecurity certificationMEDINA: Standardization to enable continuous cloud cybersecurity certification
MEDINA: Standardization to enable continuous cloud cybersecurity certification
 
Paving the road towards continuous auditbased certification for cloud service...
Paving the road towards continuous auditbased certification for cloud service...Paving the road towards continuous auditbased certification for cloud service...
Paving the road towards continuous auditbased certification for cloud service...
 
MEDINA - towards continuous (automated) certification of cloud services in Eu...
MEDINA - towards continuous (automated) certification of cloud services in Eu...MEDINA - towards continuous (automated) certification of cloud services in Eu...
MEDINA - towards continuous (automated) certification of cloud services in Eu...
 
Whitepaper MEDINA Architecture
Whitepaper MEDINA ArchitectureWhitepaper MEDINA Architecture
Whitepaper MEDINA Architecture
 
Medina general presentation
Medina general presentationMedina general presentation
Medina general presentation
 
Medina general presentation
Medina general presentationMedina general presentation
Medina general presentation
 

Kürzlich hochgeladen

Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...Escorts Call Girls
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...SUHANI PANDEY
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Kürzlich hochgeladen (20)

Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 

MEDINA ESG (Expert Stakeholder Group) presentation

  • 1. This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 952633 MEDINA: Expert Stakeholder Group Meeting Cristina Martinez Martinez (Tecnalia, Spain) Jesus Luna Garcia (Robert Bosch GmbH, Germany)
  • 2. Agenda 16:00-16:10 Welcome 16:10 – 16:35 MEDINA In a Nutshell 16:35 – 17:25 Selected Topics  Demo 1 – SATRA (25 mins)  Demo 2 – AMOE (25 mins) 17:25 – 17:35 Next Steps 17:35 – 18:00 Open Discussion 5/4/2022 MEDINA ESG Meeting
  • 3. Welcome Brief Introduction of Participants 5/4/2022 MEDINA ESG Meeting
  • 4. ESG Members 5/4/2022 MEDINA ESG Meeting Name Affiliation Country Andreas Weiss GAIA-X Germany Clemens Doubrava / Patrick Grete BSI Germany Eric Vetillard ENISA Greece Jim de Haas ABN Amro Netherlands Machiel Bolhuis Oracle / CEN CENELEC Netherlands Meghan Hester GRC Expert US Michaela Iorga U.S. NIST US Roberto Cascella ECSO Italy Ronit Reger Microsoft Azure US Thomas Niessen GAIA-X Germany Volkmar Lotz SAP Research France
  • 5. MEDINA in a Nutshell Recap / Progress After 18 Months 5/4/2022 MEDINA ESG Meeting
  • 6. MEDINA Project Objective 5/4/2022 Provide a holistic framework that enhances cloud customers’ control and trust in consumed cloud services, by supporting CSPs (IaaS, PaaS and SaaS providers) towards the successful achievement of a continuous certification aligned to the EU Cybersecurity Certification Scheme for Cloud Services (EUCS). MEDINA ESG Meeting
  • 7. EU Cybersecurity Act The EU Cybersecurity Act (EUCSA, April-2019), proposes the creation of EU-wide cybersecurity certification schemes in order to:  provide an EU-wide cybersecurity baseline (requirements, audit methods)  enable customers to make risk-based decisions about cybersecurity  enable continuous cybersecurity compliance Two EUCSA-derived certification schemes are under preparation:  EUCC – Cybersecurity Certification Scheme for Common Criteria  EUCS - Cybersecurity Certification Scheme for Cloud Services MEDINA ESG Meeting
  • 8. EUCS at a glance – Continuous Monitoring Source: https://www.enisa.europa.eu/publications/eucs-cloud-service-scheme MEDINA ESG Meeting
  • 9. Bridging the Gap MEDINA ESG Meeting 5/4/2022
  • 10. MEDINA At a Glance 1st November 2020 – 30th October 2023 EU Budget 4,480,308.75€ 5/4/2022 MEDINA ESG Meeting
  • 11. Paving the Road for EUCS- Continuous Existing Certifications Approach in MEDINA Assurance based on point-in-time assessments Continuous audit-based certification. Tamper-proof evidence stored in DLT. Mostly manual/time consuming assessment processes NLP to ease assessment of organizational measures. OSCAL automation for CSP-agnostic assessments. Lack of transparency in cloud security posture Role-based visualizations provide different levels of granularity and assurance for EUCS certificates. High customization effort in commercial CSPM tools (Cloud Security Posture Management) Automated generation of compliance assessment rules based derived from EUCS catalogue. 5/4/2022 MEDINA ESG Meeting
  • 13. MEDINA After 18 Months Work Package Keywords Highlights at M18 WP2 Security controls framework, metrics, risk management, NLP Initial prototypes, draft catalogue of metrics, NLP leverage, OSCAL experimentation WP3 Evidence management, organizational measures Initial prototypes available, NLP for assessing organizational measures, DLT deployment WP4 Certificate lifecycle management, operational effectiveness, dynamic risk assessment Initial prototypes available, SSI leverage for CAB WP5 Integrated architecture, toolset, development/testing Initial integrated tools / UI available, overall architecture and workflows in draft WP6 Validation use cases, real-world experimentation, multicloud Initial deployments at Fabasoft/Bosch, NLP testing real organizational measures, validation methodology WP7 Exploitation, communication/dissemination, standardization Engagement with exploitation “booster” (HRB), participation in relevant events, standardization roadmap 5/4/2022 MEDINA ESG Meeting
  • 14. Generic MEDINA Workflows 5/4/2022 MEDINA ESG Meeting Workflow Comment Other/Dependency WF1 - Preparation of Target of Certification (ToC) Setup, configure and deploy the cloud service to certify (ToC) on top of the chosen hyperscaler(s). This process includes configuring the underlying PaaS/IaaS. Prerequisite CSP Responsibility Dependencies: None WF2 - Preparation of MEDINA components Setup, configure and deploy the MEDINA components. Only related to those components under the responsibility of the CSP. Prerequisite CSP Responsibility Dependencies: WF1 WF3 - EUCS deployment on ToC Setup, configure and deploy the corresponding EUCS framework (for the chosen assurance level basic/substantial/high) on the ToC. Prerequisite CSP Responsibility Dependencies: WF1, WF2 WF4 - EUCS Preparedness – ToC Self Assessment Self-assess preparedness for EUCS certification based on the chosen assurance level. This is a risk-based approach. Optional workflow CSP Responsibility Dependencies: WF1, WF2, WF3 WF5 - EUCS – compliance assessment Performs a point-in-time (discrete) EUCS compliance assessment for the ToC. When such discrete assessment is periodically executed, then we achieve the MEDINA notion of “continuous”. Mandatory workflow CAB Responsibility Dependencies: WF1, WF2, WF3 WF6 - EUCS – maintenance of ToC certificate Start certificate maintenance life-cycle for the ToC. Based on current EUCS, the maintenance process comprises the following stages: (issuance), renewal, continuation, update, re-issuance (new certificate), withdrawal, suspension. Mandatory workflow CAB, CSP Responsibility Dependencies: WF1, WF2, WF3, WF5 WF7 - EUCS –report on ToC certificate Reports on EUCS certificate status for a ToC. The report can be obtained by the CAB and the CSP, in which case the level of provided details might vary. Optional workflow CAB, NCCA, CSP Responsibility Dependencies: WF1, WF2, WF3, WF5, WF6
  • 15. Selected MEDINA Topics The potential of MEDINA 5/4/2022 MEDINA ESG Meeting
  • 16. Demonstrators SATRA (Self-Assessment Tool for Risk Analysis)  Artsiom Yautsiukhin (CNR) AMOE (Assessment and Management of Organizational evidences)  Franz Berger (Fabasoft) 5/4/2022 MEDINA ESG Meeting
  • 18. Summary and Next Steps MEDINA aims to facilitate the adoption of EUCS, specifically for automated monitoring, while paving the road for continuous certification. What comes next?  Full MEDINA validation with Fabasoft and Bosch  Scalability to different CSPs and Certification Schemes is underway  Plan for exploitation and sustainability of results  Execution of standardization roadmap 5/4/2022 MEDINA ESG Meeting
  • 20. Summary and Next Steps We appreciate your expert feedback!  General aspects of MEDINA  Tools & validation  Dissemination & standardization activities Of course, please feel free to reach us for in-depth technical discussions! 5/4/2022 MEDINA ESG Meeting
  • 21. Open Discussion Moderated by: Mika Leskinen (Nixu) 5/4/2022 MEDINA ESG Meeting
  • 22. MEDINA – Further Reading Further details are available in our public reporting (deliverables) at https://medina- project.eu/public-delivera Communication materials are available at https://medina- project.eu/communication- materials 5/4/2022 MEDINA ESG Meeting
  • 23. Thank you! www.medina-project.eu // jesus.lunagarcia@de.bosch.com