ENISA Cloud Certification Schemes Metaframework

This first version of CCSM is restricted to network and information security requirements. It is based on 29 documents with NIS requirements from 11 countries (United Kingdom, Italy, Netherlands, Spain, Sweden, Germany, Finland, Austria, Slovakia, Greece, Denmark). It covers 27 security objectives, and maps these to 5 cloud certification schemes.

Since last year ENISA has been working, together with the Cloud Select Industry Group on Certification Schemes and the European Commission, and produced 2 tools to help customers with cloud security. This work is part of the EU Cloud Strategy. The first tool, CCSL, is a list of (existing) information security certification schemes. CCSL was launched last year and is accessible online.  CCSM is the second tool, and extension of CCSL.

CCSM is already being used:  the EU Commission announced that they opened a large cloud services procurement tender (2500 cloud VMs and 2500 TB’s of cloud storage), which uses the 27 security objectives of CCSM. 

Udo Helmbrecht, Executive Director of ENISA, said: “Cloud security is an important issue for both private and public sector customers in the EU. Obviously certification does not solve all the security issues, but it can simplify some of the procurement steps. This tool helps customers use existing certification schemes and it also offers cloud service providers a format for explaining security measures they take to protect their services.”

This version of CCSM has been implemented as an online tool. The tool maps different certification schemes to a single list of security objectives. The tool allows customers to choose the security objectives most relevant to them, and

  • generate a matrix mapping to different cloud certification schemes, and/or
  • generate procurement checklists or questionaires as printouts or spreadsheets.

Next steps for CCSM would be to include NIS requirements from other countries and to extend the scope of CCSM to include also NIS requirements specific for personal data protection.

For full report and online tool: https://resilience.enisa.europa.eu/cloud-computing-certification

www.enisa.eu

Ähnliche Artikel

Der E-Commerce-Umsatz der Top-100-Onlineshops in Deutschland konnte auch im Jahr 2018 ein zweistelliges Umsatzwachstum erzielen und schafft eine Steigerung von 10,2 Prozent auf 33,6 Milliarden Euro. Dies geht aus…

Bluecode kooperiert jetzt mit cashpresso, um Mobile Payment in Österreich und Deutschland weiter zu etablieren. Nutzer von cashpresso können dadurch jetzt mit ihrem Smartphone am POS bezahlen. Der Bezahlvorgang…

Rund ein Jahr nach Einführung der digitalen girocard in Deutschland verzeichnet die Deutsche Kreditwirtschaft stetig wachsendes Interesse an Mobile Payment. Die Sparkassen waren Ende Juli und die Volksbanken Mitte…

Kommentar oder kurze Frage loswerden?

Kein problem!

  • Dieses Feld dient zur Validierung und sollte nicht verändert werden.