The MEDINA project aims to provide continuous, real-time certification for secure cloud computing services in compliance with EU standards. It develops tools to automate evidence collection, assessment, and management to streamline the certification process. This allows cloud services to continuously monitor controls, metrics, and security risks to maintain certification more efficiently.

1. Security framework to achieve a
continuous audit-based certification in compliance with
the EU-wide cloud security certification scheme.
Lifecycle
management
of certificates
Continuous
compliance
Automated
evidence
management
Certification metrics
and specification
languages

2. Main goal
The objective of the Horizon 2020 MEDINA project is to provide access
to secure, real-time certified cloud computing.
In the future, the MEDINA platform that has been developed by the Euro-
pean project partners strife for enabling continuous certification through
a series of efficient tools. This is based on the European Cybersecuri-
ty Certification Scheme for Cloud Services (EUCS), which have been ad-
dressed in the project by means of uniform “assessment rules” – meas-
ures, metrics, and measurement procedures.
EU
Continuous
Cybersecurity
Certification
Orchestrator
Dashboard/UI
Certificate
Auditor
Cloud Service
Provider
Cyber Security
framework
Assessment
of Cyber
Security Risk &
optimisation
Trustworthiness
and certificate
lifecycle
management
Assessment of
collected evidence
(traditional &
NLP enhanced)
Automatic
Evidence
Collection
Catalogue
of Controls &
Metrics

3. Increase in Efficiency with MEDINA
By integrating and implementing MEDINA, compliance managers at
cloud service providers can work with audit catalogs either via a MEDINA
unified UI or a company compliance dashboard and delegate them for
subsequent in-house processing. The measurement procedures have
already been established, and the current status can be tracked easily.
Accredited auditors use secure access points to access the evidence.
The continuous assurance of comprehensive data and information se-
curity enhances the trustworthiness and the transparency of cloud ser-
vices, while delivering a major boost to efficiency.
Benefits
Documented guidance on how to perform the checks, what
actions to take, and what supporting evidence is required greatly
minimizes the overall time commitment.
Comprehensive support regarding continuous compliance with
metrics related to the EUCS reduces the labor, cost, and risk
involved in achieving and maintaining certification.
Automatic collection and evaluation of evidence significantly
minimizes both workload and costs.
A seamless audit trail of the evidence provides traceability and
protection against manipulation, ensuring document integrity at
all times.

4. This project has received funding from the European
Union’s Horizon 2020 research and innovation
programm under grant agreement No 952633
www.medina-project.eu
CONSORTIUM:
BOSCH
European Certification
of Multi-cloud backends
for IoT Solutions
USE CASES: FABASOFT
Continuous Audit of
SaaS Solutions – Public
and Private
Project Manager:
Cristina Martínez
CONTACT: cristina.martinez@tecnalia.com
+34 946 430 850