Robert Bosch GmbH has prepared a whitepaper entitled ‘EUROSCAL – Paving the Road Towards Automated Cybersecurity Certification in Europe’.
Despite the evident advantages automation could bring to traditional cloud cybersecurity certification processes, and in particular to the underlying conformance assessments, there are still challenges associated with interoperability and standardization among all involved stakeholders. These concern not only the underlying implementations of relevant tools, such as so-called Cloud Security Posture Management (CSPM), but also the standardized representation of Infrastructure-as-Code (IaC) cloud services, catalogues of security requirements, and the security configuration of the cloud services to be assessed. These challenges must be addressed before the notion of continuous (automated) monitoring of compliance can be fully realized, e.g., in the new European Cybersecurity Certification Scheme for Cloud Services (EUCS). In this context, the present whitepaper introduces EUROSCAL, a MEDINA-driven initiative to promote the European use of NIST OSCAL (Open Security Controls Assessment Language) as a feasible solution for achieving interoperability and automating cloud security certification processes.