Consultation on the draft of the candidate Certification Scheme on Cloud Services (EUCS) - Closed

The European Union Agency for Cybersecurity (ENISA) launched a public consultation from the 22nd December 2020 to the 7th of February 2021 on its first draft of the candidate European Union Cybersecurity Certification Scheme on Cloud Services (EUCS).

Published under Certification

The European Union Agency for Cybersecurity (ENISA) launched a public consultation from the 22nd December 2020 to the 7th of February 2021 on its first draft of the candidate European Union Cybersecurity Certification Scheme on Cloud Services (EUCS). The scheme aims to further improve the Union’s internal market conditions for cloud services by enhancing and streamlining their cybersecurity guarantees. The draft EUCS candidate scheme intends to harmonise the security of cloud services with EU regulations, international standards, best industrial practices, as well as with existing certifications in EU Member States.

The diverse set of market players, complex systems and constantly evolving landscape of cloud services, along with different schemes in Member States, pose challenges to the certification of cloud services. The draft EUCS candidate scheme tackles these challenges by calling for cybersecurity best practices across three levels of assurance and by allowing for a transition from current national schemes in the EU. By defining a security baseline for every assurance level, the draft EUCS candidate scheme is a horizontal and technological scheme that intends to provide cybersecurity assurance throughout the cloud supply chain, and form a sound basis for sectoral schemes.

More specifically, the draft EUCS candidate scheme:

  • Is a voluntary scheme;
  • The scheme’s certificates will be applicable across the EU Member States;
  • Is applicable for all kinds of cloud services – IaaS, PaaS, SaaS, and other cloud services;
  • Boosts trust in cloud services by defining a reference set of security requirements;
  • Covers three assurance levels: ‘Basic’, ‘Substantial’ and ‘High’;
  • Proposes a new approach inspired by existing national schemes and international standards;
  • Defines a transition path from national schemes in the EU;
  • Grants a three-year certification that can be renewed;
  • Includes transparency requirements such as the location of data processing and storage.

The consultation is now closed.

The public consultation period also includes a review by the European Cybersecurity Certification Group (ECCG) and the Stakeholder Cybersecurity Certification Group (SCCG). Following the consultation, the EUCS candidate scheme will be updated and submitted to the ECCG for its opinion.

Webinar -  Certification of Cloud Services

On the 11th of January 2021, the EU Agency for Cybersecurity hold a webinar presentation of the draft EUCS candidate scheme. ENISA Lead Certification Expert Eric Vétillard presented the current draft and answered questions from participants. The webinar was open to the public.

The recording of the webinar, (presentation and Q&A session) is available here below:

 

The slides presented during the webinar are also publicly available: ENISA Cybersecurity Certification of Cloud Services - Presentation

Contact

For any general related questions about the EU Cybersecurity Certification Framework, please contact certification (at) enisa.europa.eu.

Browse the Topics

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information