What is it and what is it intended for?
The CONCORDIA participated through a number of partners in the consultation of the draft version of the EUCS candidate scheme (European Cybersecurity Certification Scheme for Cloud Services). Certification scheme for (cloud) services awards a certificate to a service in case it holds a given non-functional property (e.g., confidentiality, integrity, availability). Services are then selected on the basis of the released certificates.
Why is it important?
This scheme departs from the state of the art where services are evaluated and later certified according to their finalsoftware artifacts only (i.e., the executable service). For the first time, we extend the scope of certification to includeadditional aspects of the service to be evaluated, such as, for instance, the development process. We group these aspects in dimensions to be evaluated, certified, and managed according to the dimension’s peculiarities. Our multi-dimensional certification scheme enables a new generation of service life cycle management, where services are provisioned and composed according to fine-grained certificates.