This document discusses the EU-funded MEDINA Project, which aims to address challenges around continuous monitoring and certification of security compliance for dynamic cloud environments. The project is developing an open-source framework with components like a repository of metrics and measures, tools for continuous evidence management and evaluation, and a risk-based auditor tool. Upon completion, the framework will help cloud service providers and auditors more easily ensure frequent infrastructure changes remain compliant with security policies. The goal is to leverage automation to enhance trust for hybrid cloud approaches.