Final review of the EU-SEC Project
News from Feb. 06, 2020
On January 29, 2020, the final review of the EU-SEC project was held in Brussels. After three years, the project had ended according to plan at the turn of the year. Nine partners from research, and industry had worked on new approaches for the security certification of cloud services, which was coordinated by Fraunhofer FOKUS scientist Jürgen Großmann. The project was funded as an “H2020 Innovation Action” by the European Union and had a budget of about three million euros. At the final review in Brussel, the independent reviewers were highly satisfied with the results of the consortium.
Three main innovations were developed in the project: Firstly, the "Multi-Party Recognition Framework", which allows for the mutual recognition of existing cloud security certification- and assurance schemes. Additionally, the "Continuous Auditing based Certification" concept was developed. Thanks to this concept, Cloud services can be audited and certified continuously, as opposed to only auditing at larger intervals, as is the current practice. Finally, a "Privacy Level Agreement Code of Conduct" was created, which formulates requirements according to the EU’s General Data Protection Regulation (EU-GDPR) specifically for cloud services. Compliance with the code of conduct can be certified to service providers with a seal upon request.
All three innovations have great potential to be considered as guiding ideas in the implementation of harmonized certification frameworks within the context of the European Cyber Security Act by ENISA. Initial consultations with ENISA on the possible adoption of ideas from the EU-SEC project have already begun during the project's lifetime.