Six new public deliverables have been released and published on the MEDINA project website in April 2023. These deliverables are related to the prototypes of the third and final version of the MEDINA Framework components.

• D2.5 Specification of the Cloud Security Certification Language-v3

This deliverable presents the definition and implementation of the Cloud Certification Language which encompasses three major phases: 1) the encoding of requirements of cloud certification schemas – written in natural language — in a Controlled Natural Language (CNL), so called MEDINA CNL; 2) the editing of the requirements in MEDINA CNL through an editor tool; and 3) the mapping of the CNL requirements to a domain specific language (DSL). It is the last of the three deliverables resulting from Task 2.3, Task 2.4 and Task 2.5.

• D2.8 Risk-based techniques and tools for Cloud Security Certification-v3

This deliverable contains the risk-based cost-benefit analysis for the selection of security controls.It describes the core model of the risk-based framework and its implementation as an integral part of the MEDINA framework. It is the last of the three deliverables resulting from Task 2.6.

• D3.3 Tools and techniques for the management of trustworthy evidence-v3

This deliverable encompasses techniques on how to integrate different tools to gather and manage trustworthy evidence on various levels as well as on how to ensure the trustworthiness of evidence across the life-cycle, i.e., using Blockchain/DLT. There have been three iterations of the deliverable, the third iteration (D3.3)  reflects the refined technical arquitecture and the feedback from the implementation at the use cases. This deliverable is the result of Task 3.1 and Task 3.5.

• D3.6 Tools and techniques for collecting evidence of technical and organisational measures-v3

This deliverable presents tools and techniques for the evidence collection of technical measures, such as security assessment of virtual machines, containers and server less functions or based on the analysis of information and data flows as well as organisational measures through the use of machine-learning and NLP. This is the third and final iteration of the tool integration, based on a refinement of the technical architecture and reflects the feedback from the validation at use cases. This deliverable is the result of Task 3.2, Task 3.3 and Task 3.4.

• D4.3 Tools and techniques for the management and evaluation of cloud security certifications-v3

This deliverable contains contributions towards the automation of certification evaluation and management steps, as well as risk assessments and possible mitigations regarding the protection of evidence and certificate management. It is the third and final version of the first WP4 deliverable resulting from Task T4.1, Task 4.2, and Task 4.3.

• D4.5 Methodology and tools for risk-based assessment and security control reconfiguration-v2

This deliverable comprises the methodology as well as the prototype implementation of the risk-based auditor component. This deliverable is the final version reporting resulting from Task 4.4.

More info.