In October 2022, six new public deliverables have been released and published on the MEDINA project website. These deliverables correspond to the prototypes of the second version of MEDINA Framework components.

• D2.4 Specification of the Cloud Security Certification Language-v2

This deliverable presents the definition and implementation of the Cloud Certification Language which encompasses three major phases: 1) the encoding of requirements of cloud certification schemas – written in natural language – in a Controlled Natural Language (CNL), so called MEDINA CNL; 2) the editing of the requirements in MEDINA CNL through an editor tool; and 3) the mapping of the CNL requirements to a domain specific language (DSL).

• D2.7- Risk-based techniques and tools for Cloud Security Certification – v2

This deliverable contains the risk-based cost/benefit analysis for the selection of security controls. The main goal of this deliverable is to describe the computational model and tool for risk assessment which supports compliance verification and certification process.

• D3.2 Tools and techniques for the management of trustworthy evidence-v2

This deliverable will encompass techniques on how to integrate different tools to gather and manage trustworthy evidence on various levels as well as on how to ensure the trustworthiness of evidence across the lifecycle, i.e., using Blockchain/DLT. The document presents an improved version of the tool used for trustworthy evidence management in MEDINA and the architecture of the MEDINA Evidence Management Tools.

• D3.5 Tools and techniques for collecting evidence of technical and organisational measures – v2

This deliverable presents tools and techniques for the evidence collection of technical measures, such as security assessment of virtual machines, containers and server less functions or based on the analysis of information and data flows as well as organisational measures through the use of machine-learning and NLP. The document is the second version of the design, implementation, and integration of the MEDINA evidence gathering components.

• D4.2- Tools and Techniques for the Management and Evaluation of Cloud Security Certifications – v2

This deliverable contains contributions towards the automation of certification evaluation and management steps, as well as risk assessments and possible mitigations regarding the protection of evidence and certificate management. The document describes MEDINA’s contribution towards the continuous evaluation of security assessments of cloud services. These contributions include an approach for continuously aggregating assessment results, as well as deriving a decision about the certificate state.

• D5.2- MEDINA requirements, Detailed architecture, DevOps infrastructure and CI/CD and verification strategy-v2

This deliverable has a threefold goal. Firstly, it contains the requirements of the MEDINA framework in close collaboration with Task 6.1. Secondly, it describes the MEDINA architecture: its components, workflow, and interfaces. Thirdly, it details the DevOps infrastructure, namely the set of tools and services to support the continuous integration and deployment phases, as well as the CI/CD strategy followed for the integration of the MEDINA framework.

More info