The creation of this holistic framework, is supported by the following objectives:
To provide Technical and Organizational Measures, TOMs
Associated quantitative/qualitative security metrics, machine-readable certification languages, and risk-based techniques to support security certification of cloud supply chains.
To Provide Security Validation Techniques, Processes and Tools
Allowing cloud providers to gather trustworthy evidences of implemented TOMs, in accordance to defined assurance levels in the EU Cybersecurity Act.
To Implement and Integrate the Software Tools and Mechanisms to manage the life-cycle of cloud security certifications
Achieving the highest assurance level defined by the EU Cybersecurity Act (e.g., continuous monitoring-based certification).
To Validate the outcomes in real use cases
Covering the three cloud service layers (IaaS, PaaS and SaaS).
To Raise the awareness on the benefits of the contributed framework in the context of the EU Cybersecurity Act
Supporting activities related to European training, awareness and relevant standardization activities.