In MEDINA, we see the topic of standardization as a necessary enabler for maximizing the impact of the project's results, but also to guarantee their sustainability even after our activities have finalized. Aligned with this vision, the project developed its own standardization approach to guarantee both effectiveness and impact, just as presented in a previous blogpost "The role of standardization in MEDINA (part I - Introduction)". The proposed approach is being actively used to support ENISA in relationship to EUCS, but MEDINA has also identified other relevant standardization activities where an impact can be produced. One of those activities is maintained by ISO/IEC as standard 27017:2015 "Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services", which is being currently revised by the corresponding working group. MEDINA (in particular partner Bosch) is part of the so-called "national standardization mirror (DIN)" which can provide expert contributions to the development of ISO/IEC 27017, which uniquely positions our project to disseminate current research efforts into this global ecosystem of standards.
Last September 23th 2022, MEDINA contributed with expert feedback to the revision of the referred standard, by focusing in the following topics:
• Automated monitoring of cloud services' configurations.
• Usage of monitoring data for audit purposes.
• Leverage of industry-accepted specifications for multi-cloud interoperability.
It is our belief that the three topics mentioned above are of critical importance to start overall alignment of ISO/IEC 27017 with EUCS, while at the same time providing the foundations required to accomplish MEDINA vision of continuous-audit based certification. The revision process of ISO/IEC 27017 is scheduled to finalize in Q1/2023, so more discussions on this topic are expected to be led by MEDINA.