MEDINA: Security framework to achieve a continuous audit-based certification in compliance with the EU-wide cloud security certification scheme. The main objective of the MEDINA Project is to create a Security framework for achieving a continuous audit-based certification in compliance with the EU-wide cloud security certification scheme.of cyber-security and safety solutions which can be implemented by industrial and scientific users to increase their resilience to cyber threats, reduce safety risks and ensure the compliance of industrial standards.
At the core of the MEDINA project is a Modular Framework, that allows CSPs to implement and manage continuous certification of their cloud supply chain aligned to the EU CSA requirements. Because of the myriad of different cloud service delivery model as well as the different provisions on the EU CSA certification scheme, the framework itself needs to be agnostic to the actual cloud service and offer abstractions through different components.
While MEDINA aims to provide a reference implementation of those components, it is important to note that the framework will also allow and guide a CSP to achieve continuous certification through their already established tool-chain (or a combination of both).
Additionally, the MEDINA framework aims to support seamless transition from existing, non-continuous-based certifications, by empirically validating it with respect to the steps required in a regular audit. In the following, the individual components, or rather their role in the framework, will be detailed.