Medina general presentation

General description of the MEDINA project (GA 952633), funded by the European Commission under H2020 programme

This project has received funding from the European
Union’s Horizon 2020 research and innovation
programme under grant agreement No 952633
MEDINA: Security framework to achieve a
continuous audit-based certification in compliance
with the EU-wide cloud security certification scheme
Leire Orue-Echevarria, PhD, PMP (TECNALIA)

MEDINA At a Glance
1st November 2020 – 30th
October 2023
EU Budget 4,480,308.75€
24/03/2021
MEDINA General Presentation

Context
Low adoption of cloud services in Europe
Why? According to Eurostat (2018)
24/03/2021
MEDINA General Presentation
Risk of a
security
breach
Legal jurisdiction
Data storage
localization
Insufficient skills Lack of interoperability

Context
Can certification be a solution? There are many certification
schemes…
24/03/2021
MEDINA General Presentation
Compliance with Member States’ initiatives by the Top
50 CSPs (XaaS) – Source: SMART 2016/0029. Data from
2018
Accredited certifications by the Top 50 CSPs (XaaS) –
Source: SMART 2016/0029. Data from 2018

Context
And with different
coverage in the
controls, as well as
Different
assessment
methods
24/03/2021
MEDINA General Presentation
% in each scheme (source: SMART 2016/0029)

Context
Several regulations and initiatives have been launched by the
European Commission to promote the adoption of cloud
computing and avoid fragmentation in certification
approaches
24/03/2021
MEDINA General Presentation
2012
European
Cloud
Strategy
Sept. 2017
Data economy package
(09.2017)
FFD & Cybersecurity
package (09.2017)
Dec. 2017
Creation of
two WGs
(SWIPO and
CSPCERT)
June 2018
22.06.2018
Political agreement on FFD
between Council and
Parliament
Oct. 2018
Trialogues on the
Cybersecurity Act
March 2019
12.03.2019
Cybersecurity Act is
adopted
June 2019
Cybersecurity Act is published
CSPCERT delivers the
recommendations to ENISA
and EC
Nov. 2019
European Commission
sends letter to ENISA to
start working on the
scheme for cloud services
March 2020
ENISA AHWG for
cloud services is
launched
Beginning 2021
EU CSCS will be
published and enter
into force
ECCG and SCCG dialogues
Feb. 2019
EU Data strategy is
published

MEDINA Project Objective
24/03/2021
MEDINA General Presentation
Provide a holistic framework that enhances cloud customers’ control and
trust in consumed cloud services, by supporting CSPs (IaaS, PaaS and SaaS
providers) towards the successful achievement of a continuous
certification aligned to the EU Cybersecurity Act (EU CSA). […] The
proposed framework will be comprised of tools, techniques, and
processes supporting the continuous auditing and certification of cloud
services where security and accountability are measurable by design. As
the MEDINA framework is leveraged into a cloud supply chain, it will
support continuously assessing the efficiency and efficacy of security
measures to ultimately achieve and maintain a certification.

Overview
24/03/2021
MEDINA General Presentation

MEDINA Approach
24/03/2021
MEDINA General Presentation

Benefits
Guidance on the implementation of the controls, measures
to be applied and evidences to be collected, reducing the
time
Support for an automatic compliance of the controls of
existing certification schemes, reducing the effort, cost and
risk of achieving and maintaining a certification
Ease the effort in the collection and evaluation of evidences
Ensure the Audit Trail of the evidences, and that no one has
tampered with them
24/03/2021
MEDINA General Presentation

Target users
CSPs: IaaS, SaaS, PaaS, XaaS
Auditors
CABs
24/03/2021
MEDINA General Presentation

Thank you!
www.medina-project.eu // Leire.orue-echevarria@tecnalia.com

This whitepaper reports on lessons learned related to the experimentation performed by the MEDINA team on the topic of continuous (automated) monitoring, just as required by the High Assurance baseline of the draft version of the European Cybersecurity Certification Scheme for Cloud Service (EUCS). Besides the reported process and obtained results, we also provide a set of recommendations to relevant stakeholders (in particular Cloud Service Providers and Auditors) with the goal of supporting the uptake of EUCS for High Assurance.

SerIot Hypothesis Testing Module

SerIoT: Penetration testing

This document discusses penetration testing of the SerIoT system funded by Horizon 2020. It describes an approach to penetration testing that includes 1) unified modeling of security requirements and vulnerabilities, 2) implementing specific test cases that simulate attacks, and 3) generating code-based security tests. The overview explains that the testing involves defining a secure model and vulnerability model, analyzing vulnerabilities, implementing test cases as scripts, executing the test cases on SerIoT components, and reporting results. An example shows how an SQL injection vulnerability test case verifies a security requirement.

Multi Agent Anomaly detection Module

Tech 2 Tech: increasing security posture and threat intelligence sharing

Jisc

The document discusses increasing the security posture of Janet-connected organizations. It proposes updating the Janet Security Policy to block high-risk inbound traffic by default, require annual security reviews, and allow proactive vulnerability scanning. A maturity model is suggested to help with reviews. It also proposes a Jisc Cyber Threat Intelligence Sharing Group using the open-source MISP platform to enable threat information sharing between participating organizations.

SerIoT: Formal Verification

Cognitive Packet Network with Software Defined Networks using the Random Neur...

The Knowledge Transfer Network Creative, Digital & Design

The document discusses challenges with third party access to business information and proposes a new framework called the Common Assurance Maturity Model (CAMM) to address these challenges. CAMM aims to provide a standardized way to objectively measure a third party's information risk management maturity using predefined controls. It would leverage existing standards and audit spending, allow third parties to showcase their maturity levels for transparency, and help businesses incorporate risk management into procurement decisions. The framework is intended to be modular to suit different business needs and remove duplicate auditing of third parties.

CTO-CyberSecurityForum-2010-Anthony dyhouse

segughana

The Knowledge Transfer Networks (KTNs) were set up in the UK to facilitate knowledge sharing and collaboration between business, government, and academia. The Digital Systems KTN focuses on key digital technologies and brings together experts to address challenges like cybersecurity, cloud computing, and smart transportation. Collaboration is important for tackling issues in a digital society by sharing expertise, innovations, and understanding of problems. The KTN promotes collaboration through events, funding, special interest groups, and knowledge sharing to help overcome challenges like data security and privacy. There is potential to expand this model internationally to form a coordinated global response to cybersecurity threats.

ARIES Project Presentation

Nicolás Notario

This document discusses the ARIES project, which aims to create a reliable European identity ecosystem. The project received funding from the European Union's Horizon 2020 program to address identity management, strengthen the link between physical and virtual identities, and address all aspects of identity-related crimes. The consortium includes large companies, SMEs, research institutions, law enforcement agencies, and online service providers. The project will develop use cases around identity virtualization and secure e-commerce and validate results through a vision for a secure identity ecosystem.

5G Info Day

The document summarizes the 5G-PPP Success project. It received €7.6M in funding over 2 years from November 2015 to October 2017. The project aims to develop trust and security models for the 5G infrastructure using semantic modeling approaches. These models will then be used to create "trust enablers" or tools to help stakeholders such as researchers, network designers and operators, and application developers manage security risks in 5G networks. The IT Innovation Centre will contribute 62 person-months and €553k to the project to develop these semantic models and tools.

2019 04-08 hopu-aj

Open & Agile Smart Cities

This document discusses standardization activities related to the ACTIVAGE project. It describes contributions to standards for body area networks, sensor integration, and data modeling. It discusses the development of an extension to the SAREF standard for eHealth and aging well domains. It also covers the IEEE P2510 standard for establishing quality of data sensor parameters, and the opportunities for digital innovation hubs around this standard. The document concludes that data quality is crucial for industries like health, and that certification processes for vendors will be important to integrate as work continues.

13th International Conference on Network Security & Applications (CNSA 2020)

SerIoT Traffic Generator and Detector of malicious traffic patterns

HITSerIoTProject

This document discusses the creation of an annotated dataset for malicious network traffic patterns using the Secure and Safe Internet of Things (SerIoT) project. It describes how a bot network with multiple virtual machines was used to generate both benign and malicious (SYN TCP attack) network traffic. The raw packet captures were analyzed and segmented into 5-second windows annotated with the number of half-open TCP connections to create a labeled dataset for training artificial intelligence models to detect malicious traffic patterns. Random neural networks were found to more accurately detect denial of service attacks compared to other models like LSTM when trained on this dataset. The attack detector is being deployed in use cases of the SerIoT system to help inform its routing engine of malicious activity.

13th International Conference on Network Security & Applications (CNSA 2020)

pijans

Call for papers - 13th International Conference on Network Security & Appli...

13th International Conference on Network Security & Applications (CNSA 2020) focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this conference is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and counter measures and establishing new collaborations in these areas. Authors are solicited to contribute to the conference by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in the areas of Security & its applications.

20190523 archiver fim

This document provides an overview of federated identity management for the ARCHIVER project. It discusses key concepts like identity providers, service providers and protocols. It recommends that ARCHIVER select a service provider proxy, research institutes ensure they have SAML identity providers, and services support SAML or OIDC. Next steps include deciding on a service provider proxy, ensuring identity providers and services support federated protocols, and complying with policies to encourage attribute sharing. Testing tools and further help are also referenced.

Communication and collaboration solutions from Safeguard IT Ltd

Russell Pearson

InteGrid SRA & Replication Roadmap (02/06/2020)

Sergio Potenciano Menci

A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...

ATMOSPHERE .

Call for Papers - 8th International Conference of Security, Privacy and Trust...

8th International Conference of Security, Privacy and Trust Management (SPTM 2020) looks for significant contributions to Trust management for networks. Original papers are invited on Security, Privacy and Trust Management of wireless and wired networks. The goal of this Conference is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.

Geant cloud peering-v2

The Research Council of Norway, IKTPLUSS

This document provides an introduction to GÉANT and its Cloud Peering service. GÉANT operates a pan-European research and education network that interconnects National Research and Education Networks (NRENs) across Europe. It also manages a portfolio of services to support collaboration. The Cloud Peering service allows cloud providers to connect directly to GÉANT's network or through local NRENs to reach research communities. Options for connection include going through an NREN, direct peering at a GÉANT point of presence, or at an internet exchange. Costs vary depending on the connection method and capacity.

EOSC-hub & RCauth.eu presentation

EOSC-hub project

RCauth.eu is an online PKI service that provides access to secured services through client certificates and delegation capabilities without exposing the complexity of PKI to users. It has three components - a web frontend based on US-CIlogon software, a backend CA based on myproxy-server with an HSM, and a filtering WAYF connected to eduGAIN. The service is supported by various European organizations and provides credentials that comply with IGTF assurance levels to qualified users who meet REFEDS and Sirtfi requirements.

CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...

The document discusses the Cloud Security Alliance (CSA) Cloud Trust Protocol (CTP) and the A4Cloud project. The CTP is designed to allow cloud service clients to request and receive security-related information from cloud providers to promote transparency and trust. The A4Cloud project focuses on accountability in the cloud and developing mechanisms and tools to help cloud providers demonstrate compliance and allow for effective governance. The CSA and A4Cloud are working to standardize security attributes, integrate the CTP into frameworks like the Open Certification Framework, and establish a CTP working group to further define and implement the protocol.

Key Outputs of the E-CRIME project

Trilateral Research

The E-CRIME project received EU funding to research cybercrime over three years with 10 partners across 8 countries. The project aims to measure the economic impact of cybercrime, develop deterrence measures, and increase awareness among policymakers and the public. Key outputs include a cybercrime taxonomy, training programs, economic models, and policy recommendations to help businesses prevent cybercrime.

Medina general presentation

This project called MEDINA aims to develop a security framework to help cloud service providers continuously achieve and maintain compliance with the EU Cloud Security Certification Scheme. The framework will include tools, techniques and processes to support continuous auditing and certification where security and accountability can be measured over time. This will help cloud customers gain more control and trust in the cloud services they use. The framework is meant to provide guidance to help cloud providers more easily implement security controls and collect evidence of compliance, reducing the costs and efforts of certification.

Medina general presentation

This project called MEDINA aims to develop a security framework to help cloud service providers continuously achieve and maintain compliance with the EU Cloud Security Certification Scheme. The framework will include tools, techniques and processes to support continuous auditing and certification where security and accountability can be measured over time. This will help cloud customers gain more control and trust in the cloud services they use. The framework is intended to provide guidance to cloud service providers on implementing security controls and collecting evidence of compliance, making the certification process more efficient.

MEDINA General Presentation

MEDINA Brochure 2022.pdf

The Knowledge Transfer Network Creative, Digital & Design

What's hot

CTO-CybersecurityForum-2010-Des Ward

segughana

CTO-CyberSecurityForum-2010-Anthony dyhouse

segughana

ARIES Project Presentation

Nicolás Notario

5G Info Day

2019 04-08 hopu-aj

Open & Agile Smart Cities

13th International Conference on Network Security & Applications (CNSA 2020)

SerIoT Traffic Generator and Detector of malicious traffic patterns

HITSerIoTProject

13th International Conference on Network Security & Applications (CNSA 2020)

pijans

Call for papers - 13th International Conference on Network Security & Appli...

20190523 archiver fim

Communication and collaboration solutions from Safeguard IT Ltd

Russell Pearson

InteGrid SRA & Replication Roadmap (02/06/2020)

Sergio Potenciano Menci

A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...

ATMOSPHERE .

Call for Papers - 8th International Conference of Security, Privacy and Trust...

Geant cloud peering-v2

The Research Council of Norway, IKTPLUSS

EOSC-hub & RCauth.eu presentation

EOSC-hub project

CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...

Key Outputs of the E-CRIME project

Trilateral Research

What's hot (18)

CTO-CybersecurityForum-2010-Des Ward

CTO-CyberSecurityForum-2010-Anthony dyhouse

ARIES Project Presentation

5G Info Day

2019 04-08 hopu-aj

13th International Conference on Network Security & Applications (CNSA 2020)

SerIoT Traffic Generator and Detector of malicious traffic patterns

13th International Conference on Network Security & Applications (CNSA 2020)

Call for papers - 13th International Conference on Network Security & Appli...

20190523 archiver fim

Communication and collaboration solutions from Safeguard IT Ltd

InteGrid SRA & Replication Roadmap (02/06/2020)

A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...

Call for Papers - 8th International Conference of Security, Privacy and Trust...

Geant cloud peering-v2

EOSC-hub & RCauth.eu presentation

CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...

Key Outputs of the E-CRIME project

Similar to Medina general presentation

Medina general presentation

Medina general presentation

This project called MEDINA aims to develop a security framework to help cloud service providers continuously achieve and maintain compliance with the EU Cloud Security Certification Scheme. The framework will include tools, techniques and processes to support continuous auditing and certification where security and accountability can be measured over time. This will help cloud customers gain more control and trust in the cloud services they use. The framework is intended to provide guidance to cloud service providers on implementing security controls and collecting evidence of compliance, making the certification process more efficient.

MEDINA General Presentation

MEDINA Brochure 2022.pdf

Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...

This document discusses the EU-funded MEDINA Project, which aims to address challenges around continuous monitoring and certification of security compliance for dynamic cloud environments. The project is developing an open-source framework with components like a repository of metrics and measures, tools for continuous evidence management and evaluation, and a risk-based auditor tool. Upon completion, the framework will help cloud service providers and auditors more easily ensure frequent infrastructure changes remain compliant with security policies. The goal is to leverage automation to enhance trust for hybrid cloud approaches.

Automation-based Certification for Cloud Services in Euro

This document discusses automation-based certification for cloud services in Europe. It provides an overview of the MEDINA project, which aims to enable continuous audit-based certification for cloud services through automation. The MEDINA framework collects technical evidence, assesses compliance automatically, and manages certificates in order to streamline the certification process defined in the EUCS standard. After MEDINA concludes, the lessons learned may be applied to the new COBALT project focusing on certification of AI-enabled systems and quantum computing.

Paving the road towards continuous auditbased certification for cloud service...

This document summarizes a presentation about the MEDINA project, which aims to facilitate the adoption of the EU Cybersecurity Certification Scheme (EUCS) for cloud services. The MEDINA project is developing a security framework and tools to support continuous, automated certification based on evidence management. This will help address challenges with the current point-in-time certification approach and high costs of certification. The MEDINA framework collects evidence, assesses compliance, and manages certification, with the goal of easing the process of continuous certification as required by EUCS. While progress has been made, challenges remain around regulating automated certification and sustaining the project's tools after its completion.

MEDINA brochure 2023

The MEDINA project aims to help stakeholders achieve continuous compliance with the European Union's cloud security certification scheme (EUCS) through automation. It provides a set of tools and techniques that can be accessed through a unified user interface or API to fully manage the certification status of cloud services. Early adopters can implement generic workflows comprising scenarios and roles to streamline the EUCS certification process through guidance and evidence management automation.

MEDINA: Standardization to enable continuous cloud cybersecurity certification

This project called MEDINA received funding from the EU Horizon 2020 programme to develop standardization to enable continuous cloud cybersecurity certification. MEDINA aims to provide a security framework and tools to achieve continuous audit-based certification aligned with the EU Cybersecurity Certification Scheme for Cloud Services. The project runs from November 2020 to October 2023 with a budget of over 4 million euros. One of MEDINA's objectives is to engage standard development organizations to adopt requirements for continuous compliance assessments and automation in line with the EU certification scheme. Achievements so far include supporting the development of the EU certification scheme and contributing to related standards.

MEDINA project brochure 2021

The document discusses a security framework called MEDINA that aims to provide a holistic framework supporting cloud service providers' (CSPs) continuous certification in compliance with the EU cloud security certification scheme. The framework will include a repository of security metrics and measures, tools for selecting controls based on risk levels, a certification language, evidence management tools, a certificate evaluator, and a risk-based auditor tool. This will help CSPs more easily achieve and maintain certification, reducing costs and efforts. Two example use cases are provided for Bosch regarding IoT solutions and Fabasoft regarding SaaS solutions for the public sector.

Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS

The document discusses the EU Cybersecurity Scheme for Cloud Services (EUCS) and its requirements for continuous monitoring and certification. It introduces the MEDINA project, funded by the EU, which aims to develop a framework for achieving continuous audit-based certification aligned with the EUCS through continuous monitoring. The project will leverage the Open Security Controls Assessment Language (OSCAL) for machine-readable representation of security controls and certificates. It seeks collaboration with NIST on further development and adoption of OSCAL to support its goals.

TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...

This document summarizes the results of an experiment conducted to test requirements for continuous monitoring and certification from the European Union's Cloud Services (EUCS) certification scheme. The experiment found that: 1) Existing tools can automate assessment of some EUCS requirements, but coverage is currently limited. 2) A machine-readable format like NIST's OSCAL shows promise for specifying and reporting on automated assessments. 3) While some level of automation is possible now, auditors will still need to review evidence to ensure trustworthy compliance. Standardization of audit processes could help leverage the full potential of automation in the future.

Whitepaper MEDINA Metric Recommender NLP

The document describes a metric recommender system developed as part of the MEDINA project. The system uses natural language processing techniques to automatically associate metrics with security requirements. It plays a key role in the MEDINA framework by translating requirements expressed in natural language to measurable metrics. Initial validation results demonstrate the system's ability to efficiently recommend relevant metrics for requirements based on textual similarity.

MEDINA ESG (Expert Stakeholder Group) presentation

This document summarizes an expert stakeholder group meeting for the MEDINA project. The meeting agenda included an introduction to MEDINA, demonstrations of two tools (SATRA and AMOE), and a discussion of next steps. MEDINA aims to facilitate adoption of the EU Cybersecurity Certification Scheme for continuous cloud certification. Progress after 18 months includes initial prototypes and testing of tools for self-assessment, evidence management, and certificate lifecycle management. Upcoming plans include full validation of MEDINA with industry partners and progressing standardization and exploitation activities.

ECIL: EU Cybersecurity Package and EU Certification Framework

Deutsche Telekom AG

In September 2017 the EU Cybersecurity Package was proposed by the European Commission. The European cybersecurity industry leaders (ECIL) had delivered valuable advice and input to the EU’S CS strategy. In its latest recommendation to the EU Commission ECIL demands a more harmonized cyber policy across the Union. To secure Europe’s Digital Sovereignty and efficient Single Market oriented digital capabilities, Europe needs a holistic platform approach. Technology elements like 5G, Cloud, IoT together should be part of such a platform.

SerIoT Fog Substrate and SDN Security

This document summarizes research conducted by the University of Essex on securing Internet of Things (IoT) networks. It discusses research projects on (1) developing a service-based fog architecture incorporating concepts like Information-Centric Networking to provide flexible IoT services and network resilience, (2) using blockchain and machine learning techniques to improve security of software-defined networking (SDN) on the edge of IoT networks, and (3) building an experimental testbed to test and validate the proposed IoT security solutions.

3rd ARCADIA bronchure

EU ARCADIA PROJECT

This document describes the ARCADIA project, which developed a novel reconfigurable application development paradigm over programmable infrastructure. The ARCADIA framework allows applications to be built from micro-services that can communicate and be reused. It received over 3.5 million Euros in funding from the European Union and involves multiple partners. Three use cases are being developed around energy efficiency, high-performance communications for IoT, and security/privacy support on the FIWARE platform.

1rst ARCADIA bronchure

EU ARCADIA PROJECT

This document summarizes the ARCADIA project, which aims to design and validate a new paradigm for developing highly distributed applications that can dynamically reconfigure based on changes to programmable infrastructure. The project received over 3.5 million Euros in funding from the European Union's Horizon 2020 program and will last 36 months. It involves developing new approaches for application deployment and management over distributed systems while maintaining network reliability, security, and efficiency.

ATMOSPHERE - Concertation Meeting EUBrasilCloudFORUM

ATMOSPHERE .

ATMOSPHERE - Concertation Meeting EUBrasilCloudFORUM

EUBrasilCloudFORUM .

Trust is built based on guarantees, previous successful experiences, transparency and accountability. Yet, to-date, the technologies and frameworks necessary to raise confidence on cloud and Big Data applications is still lacking. It is crucial to create this confidence to encourage different business sectors to take up this technology and ultimately improve business efficiency and competitiveness. The ATMOSPHERE project focuses on this issue. ATMOSPHERE will provide a solution to assess trustworthiness of cloud applications dealing with data and support the development of more trustworthy cloud applications. Goal Provide a solution to assess trustworthiness of cloud applications dealing with data and support the development of more trustworthy cloud applications

More from MEDINA

Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...

This document provides an overview of the MEDINA framework for continuous life cycle management of cloud security certifications. It describes the key components, including the Continuous Certification Evaluation component that aggregates assessment results, the Risk Assessment and Optimization Framework that evaluates risk, and the Automated Certificate Life Cycle Manager that determines certificate status and publishes certificates using a self-sovereign identity system. The framework aims to enable automated, continuous assessment and management of certifications to address the dynamic nature of cloud environments.

Whitepaper MEDINA CNL

The document provides an overview of the MEDINA Controlled Natural Language (CNL) which was designed to facilitate the automated assessment of compliance with cybersecurity certification schemes for cloud services. It discusses how CNLs can bridge the gap between natural language security requirements and machine-readable representations. The MEDINA CNL builds upon an existing CNL called CNL4DSA and allows expressing cloud security certification requirements from schemes like EUCS in a formal way using fragments consisting of resource types, metrics, operators, and target values. This enables automated compliance checks for certifications.

Whitepaper EUROSCAL MEDINA

The document introduces EUROSCAL, an initiative to promote the use of NIST's Open Security Controls Assessment Language (OSCAL) for automating cloud security certification processes in Europe. OSCAL aims to standardize how security controls and frameworks are represented, making it easier to assess compliance and monitor controls continuously. The EU-funded MEDINA project is exploring how OSCAL could help address challenges in achieving continuous monitoring and certification as envisioned by the European Union's cloud security certification scheme. EUROSCAL seeks to influence stakeholders to adopt OSCAL standards to fully realize automation benefits for certification.

Assessing the Trustworthiness of AI Systems

Dr. Jesus Luna Garcia discusses assessing the trustworthiness of AI systems. He notes that while AIoT systems are growing, consumer trust in them has declined in recent years. There are challenges to defining and measuring AI trustworthiness as well as developing risk management frameworks for AI. Current work includes collaborating with standards bodies to help pave the road to establishing trustworthy AI and certification methods.

MEDINA - towards continuous (automated) certification of cloud services in Eu...

Whitepaper MEDINA Architecture