The project “European Security Certification Framework” (EU-SEC) will aim to create a European framework for certification schemes and evaluation concepts to secure cloud infrastructures. Within this framework, existing national and international certifications can co-exist. EU-SEC will improve the business value as well as the effectiveness and efficiency of existing cloud security certification schemes.

The EU-SEC project aims to contribute to the trustworthiness, security and compliance of cloud infrastructures. To achieve this goal, the following requirements must be met:

• Existing national and sector-specific certification schemes must be considered and balanced.
• At the same time, costs of certification for Cloud Service Providers (CPS) must be reduced.
• Certification and evaluation activities that can be handled automatically by machines (e.g. collecting data) should not have to be done manually by humans.
• Accurate and reliable information should be made available to authorized persons using automated means.

Key aspects of the development of the framework are:

• automation,
• governance,
• mutual recognition of certifications,
• reusability of already certified components,
• continuous auditing and monitoring,
• reducing the overall duration and cost of cloud certification processes.

The EU-SEC framework will provide a validated reference architecture with appropriate tools. Furthermore, it will develop a governance structure to integrate new requirements into the framework. The framework will enable stakeholders in the ICT security ecosystem to improve the efficiency and effectiveness of their current IT security risk management, assurance and compliance.

The EU-SEC project supports the strategy of the European Union implementing the Digital Single Market Strategy, the European Cloud Initiative, the upcoming NIS Directive as well as the General Data Protection Regulation (GDPR).