The 2012 Communication "Unleashing the Potential of Cloud Computing in Europe" included an action for certification. Therefore, within the Cloud Select Industry Group (C-SIG) the subgroup on Certification Schemes (SIG-Cert) was established with support from the European Union Network and Information Security Agency (ENISA).
Together SIG-Cert and the European Union Agency for Network and Information Security (ENISA) delivered a list of (voluntary) certification schemes for the cloud (CCSL) to give potential cloud customers more transparency about certification schemes and how they relate to the cloud.
As an extension of the CCSL, SIG-Cert and ENISA also delivered the Cloud Certification Schemes Metaframework (CCSM) in order to facilitate the use of existing certification schemes during procurement of cloud services. It provides a neutral, high-level mapping of potential customers' security requirements to security objectives in existing cloud certification schemes.
Information security and certification of cloud computing services are still barriers to the use of cloud computing services in Europe according to the 2014 Eurostat report and the 2015 EU28 Cloud Security Conference.
This C-SIG on Certification Schemes is open for participation by interested stakeholders in the field of cloud computing. Currently the group consists of members of more than 30 organisations in the field of cloud computing and certification.
Timeline and deliverables
The group started its work and amongst others delivered a list of existing cloud relevant certification schemes in the field of security and data protection, and a set of important principles and recommendations on cloud certification.
Summer of 2013:
These intermediary results were validated with the support of ENISA.
- Discussion and endorsement of the proposal by ENISA to work on a detailed list of cloud relevant security certification schemes and a so-called "Metaframework" to compare those schemes as regards cloud customers' security requirements.
- A plenary session of the Cloud Select Industry Group endorsed this approach.
After discussing with the group, ENISA published the list of cloud relevant security certification schemes , thereby completing the work on the key action on cloud computing certification of the European Cloud Computing Strategy.
The list of cloud relevant security certification schemes was finalised by ENISA and the Metaframework of cloud security certification schemes was launched by ENISA.
The list of cloud relevant security certification schemes is published on ENISA's website.
12 November 2014
8 July 2014
2 June 2014
3 April 2014
30 January 2014
4 October 2013
29 May 2013
21 February 2013
If you are interested in shaping the EU's policy on cloud computing certification and your organisation is able to actively contribute to the work of the C-SIG working group, you are invited to join and participate in its work.