MEDINA deliverables released in October 2022
7 Nov, 2022
By Cristina Martinez (TECNALIA)

In October 2022, six new public deliverables have been released and published on the MEDINA project website. These deliverables correspond to the prototypes of the second version of MEDINA Framework components.

This deliverable presents the definition and implementation of the Cloud Certification Language which encompasses three major phases: 1) the encoding of requirements of cloud certification schemas – written in natural language – in a Controlled Natural Language (CNL), so called MEDINA CNL; 2) the editing of the requirements in MEDINA CNL through an editor tool; and 3) the mapping of the CNL requirements to a domain specific language (DSL).

This deliverable contains the risk-based cost/benefit analysis for the selection of security controls. The main goal of this deliverable is to describe the computational model and tool for risk assessment which supports compliance verification and certification process.

This deliverable will encompass techniques on how to integrate different tools to gather and manage trustworthy evidence on various levels as well as on how to ensure the trustworthiness of evidence across the lifecycle, i.e., using Blockchain/DLT. The document presents an improved version of the tool used for trustworthy evidence management in MEDINA and the architecture of the MEDINA Evidence Management Tools.

This deliverable presents tools and techniques for the evidence collection of technical measures, such as security assessment of virtual machines, containers and server less functions or based on the analysis of information and data flows as well as organisational measures through the use of machine-learning and NLP. The document is the second version of the design, implementation, and integration of the MEDINA evidence gathering components.

This deliverable contains contributions towards the automation of certification evaluation and management steps, as well as risk assessments and possible mitigations regarding the protection of evidence and certificate management. The document describes MEDINA’s contribution towards the continuous evaluation of security assessments of cloud services. These contributions include an approach for continuously aggregating assessment results, as well as deriving a decision about the certificate state.

This deliverable has a threefold goal. Firstly, it contains the requirements of the MEDINA framework in close collaboration with Task 6.1. Secondly, it describes the MEDINA architecture: its components, workflow, and interfaces. Thirdly, it details the DevOps infrastructure, namely the set of tools and services to support the continuous integration and deployment phases, as well as the CI/CD strategy followed for the integration of the MEDINA framework.

More info