ENISA Certification tools for a more transparent cloud

ENISA together with the EC and the C-SIG on Certification has created two tools under the certification objective of the EC Cloud Strategy.

 
The first is the Cloud Certification Schemes List (CCSL). This is a list of (existing) certification schemes relevant to cloud customers. CCSL provides potential customers with an overview of objective characteristics per scheme, to help them understand what certification against a specific scheme means in practice and if it is appropriate for their settings. 
 
The second tool is the Cloud Certification Schemes Metaframework (CCSM) which is a framework made of existing frameworks which maps in detail security requirements (collection of ICT requirements from the public sector-12 MSs) to security objectives in existing certification schemes (from CCSL). The goal is to increase transparency and trust and help customers in the public sector and SMEs with cloud procurement. This first version of CCSM  is restricted to network and information security requirements. It is based on 29 documents with NIS requirements from 11 countries. It covers  27 security objectives, and maps these to 5 cloud certification schemes. 
 
This version of CCSM has been implemented as an online tool. The tool maps different certification schemes to a single list of security objectives. The tool allows customers to choose the security objectives most relevant to them, and
  1. generate a matrix mapping to different cloud certification schemes, and/or
  2. generate procurement checklists or questionaires as printouts or spreadsheets.
 
Links and references