From May 30th to June 3rd, 2022, a representative from MEDINA (Jesus Luna, Bosch) travelled to Athens (Greece) to attend the ENISA Cybersecurity Certification week. During those days, MEDINA participated in the meetings organized by the AdHoc Working Group developing EUCS (including a joint meeting with EUCC and EU5G), where our Catalogue of Security Control was showcased. Technical discussions took place on leveraging OSCAL in both the Catalogue and EUCS, because it was clear to the participants that continuous (automated) monitoring can only achieve its full potential if cloud service providers support a common machine-readable language. Further discussions (and pilots) are expected to take place in the context of MEDINA.
Apart from the EUCS-specific meetings, MEDINA also participated in the panel “Cybersecurity utopia: From Security-by-design to Certification-by-Design”, which took place during the ENISA Cybersecurity Certification Conference 2022. The notion of continuous (automated) monitoring and its benefits for cybersecurity certification was highlighted during the panel, and was also mentioned frequently throughout the whole event. Furthermore, MEDINA strongly supported the adoption of automation in certification schemes derived from the EU Cybersecurity Act (CSA), because our belief is that the “prime time” has arrived for such a feature. The benefits of automation, and real-world implementations of it in the context of EUCS, are a major focus of MEDINA and its demonstrators. An upcoming blog post will dig further into this interesting topic.