The Inner Circle

Expand all | Collapse all

ENISA - EUCS – CLOUD SERVICES SCHEME - Draft For External Peer Review

  • 1.  ENISA - EUCS – CLOUD SERVICES SCHEME - Draft For External Peer Review

    Posted Dec 27, 2020 04:10:00 AM
      |   view attached

    Hi All,

    Attached is the present version of the European Union Cybersecurity Certification Scheme for Cloud Services (EUCS), which is a
    draft version, to be used as the basis for an External Review. Find the link to the review at the end of this post.


    The objective of this review is to validate the principles and general organization of the proposed scheme and to
    gather feedback on the proposed wording of the sections and annexes.


    The candidate EUCS scheme (European Cybersecurity Certification Scheme for Cloud Services), looks into the
    certification of the cybersecurity of cloud services. The scheme draws from many different sources, the first one being
    the report of the CSP-CERT Working Group, which was delivered in 2019 and provided a basic framework on which
    the candidate scheme has been developed.

    EUCS supports the three assurance levels in the EUCSA: 'basic', 'substantial' and 'high'. The security requirements on
    cloud services and on their assessment increase with levels in several dimensions: scope, rigour and depth. The
    requirements at level 'high' are demanding and close to the state-of-the-art, whereas the requirements at level 'basic'
    define a minimum acceptable baseline for cloud cybersecurity. That baseline is nevertheless comprehensive, as it
    covers all major aspects of cloud security. Cloud service providers of any size can use it to demonstrate that they have
    set up a framework for guaranteeing some security of their customers. The 'substantial' level, in between, will serve to
    protect business, and may be the level of choice for many applicants and their users.

    The terminology is not final only defines essential words, and it is complemented by the terminology defined in
    Annex I: (Terminology).

    The instructions for completing the external review can be found via the link below:

    Draft Cybersecurity Certification Scheme for Cloud Services - EUCS - Public Consultation - https://ec.europa.eu/eusurvey/runner/Public_Consultation_EUCS



    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------



  • 2.  RE: ENISA - EUCS – CLOUD SERVICES SCHEME - Draft For External Peer Review

    Posted 30 days ago

    Thanks Michael! Chunky document - but will try to review.

    Happy end of year for you.



    ------------------------------
    Saan Vandendriessche CCSP | CISSP | CRISC
    Brussels - Belgium
    ------------------------------