PAe - public consultation on the project of European certification scheme of cybersecurity in services in the Cloud (EUCS)
accesskey _ mod _ content

Public consultation on the project of European certification scheme of cybersecurity in services in the Cloud (EUCS)

25 january 2021

Logo European Commission

The european union agency for cyber security, ENISA, calls upon the parties concerned to participate in a public consultation on the project of european certification scheme of cybersecurity in services in the cloud (EUCS).

The draft Outline (Opens in new window) that question was proposing a 'open' effective with three different levels of security and the ability to be combined with other certifications to address the market of the cloud regardless of size or type of service providers of cloud (CSP).

The outline EUCS is the second (after outline EUCC) that will be delivered by following the ENISA Law of Cybersecurity (Opens in new window) . ENISA aims to build a framework of certification of cybersecurity consistent with eu laws, certifications, existing international standards and best practices.

The current consultation aims to collect their views, opinions and suggestions on the draft EUCS, deployment and its future implementation, in accordance with article 49 (3) of the law of cybersecurity. The consultation will remain open to contributions as at 7 february.

The draft Outline

This document (Opens in new window) is the result of the working group that involved a wide range of partners and the discussions held during the past year and until the last few days before the issuance of document.

There was a first public consultation during the summer, which had helped to confirm the majority of the principles already question any of the most. There were also discussions with the consultative group of European Consumers (ECCG) and with some member states.

The document has not yet reached a final stage, but it has reached a maturity suitable for a review by third parties. The document is open to revision is a project outline candidate, for what is a rather formal document. The scheme is the main component, but eventually it will be complemented with a full range of guidance documents and best practices that will make its content more accessible. For now, the explanations are scarce in the document, which often contains requirements for raw "".

The main reason to postpone many details of the guidance scheme is that the candidate must be transformed into an implementing act, which after its adoption is complex to update, while targeting can be managed in a more flexible. This is particularly important for this first version of the outline, but some elements of the next guide can be integrated in future versions of the scheme if they are sufficiently stable to be reviewed soon ousted only once in a few years.

It has sought to use the vocabulary consistently in the draft, and the document includes many definitions used in the context of the draft, both the top and bottom of the scheme. Most of the terminology comes from ISO/IEC 17000 and related standards, but because the document is based on very different sources, had to take some decisions, which may be surprising if they come from a source that are not familiar.

Finally, many sections of the document begins with a framework of “ Foreword for revisers ”, which provides specific information on the section and, in particular, on their current condition. In particular, some of the annexes are somehow less mature than the rest of the document, which must be taken into account in its review.

Original source of news (Opens in new window)

  • Security
Subscribe to the youtube channel of OBSAE
Subscribe to the youtube channel of OBSAE