Skip to content
Snippets Groups Projects
P

Public

Public repository of the EMERALD EU project. Evidence Management for Continuous Certification as a Service in the Cloud.

Funded under H2020. GA 101120688

README.md

Table of Contents

EMERALD framework

EMERALD’s mission is to provide a user-friendly framework to help stakeholders in the cybersecurity field efficiently manage certifications, enhancing the security and effectiveness of cloud service usage. The proposed EMERALD environment will be the foundation for defining a new service for assisting the certification process that we named Certification-as-a-Service (CaaS).

VISION

Description

With EMERALD, we expect to significantly decrease the time needed to re-certify, select and evaluate new cloud-based services and to facilitate the integration of new services that are not on premise but offered by different and also smaller providers.

The EMERALD approach can be summarized as follows:

  • Different controls from one or more certification schemes are selected, which are a comprehensive set of rules, technical requirements, standards and procedures with which to demonstrate compliance.
  • An intelligent system selects an optimized set of metrics that can be measured to demonstrate compliance to the controls. One such optimization could be the maximum amount of re-used evidence across schemes.
  • EMERALD components continuously extract knowledge on various layers of the cloud service(infrastructure, code, policies and procedures, AI models) and prepare suitable evidence based on them.
  • A graph-based structure (the certification graph) consolidates all necessary information of the service in a uniform way and makes it ready for queries.
  • The audit suite assesses and evaluates chosen metrics based on information provided by the certification graph while providing interoperability to other assessment tools (e.g., based on OSCAL) during the whole life-cycle of the cloud service.

COMPONENTS

Main EMERALD users are:

  • Compliance managers
  • Internal and external auditors
  • Technical implementers

Repository structure

The Public repository of EMERALD project is organized as follows:

  • /Components: is divided in many repositories where the several components of the EMERALD framework can be found
  • /CaaS Framework: files to deploy the CaaS framework
  • /Contribute: contains the guidelines for contribution to the CaaS Framework in EMERALD project
  • /Enroll: provide guidance on how to enroll in the EMERALD project

Three tags M12, M24, M30 define the versions delivered in the three main milestones of the project (at M12, M24 and M30). The main branch will store the final version of the components, as some development and code fixes could continue until the end of the 36-months long project (EMERALD ends at Oct/2026)

Components

The EMERALD CaaS framework is composed by several components:

COMPONENTS

The list of tools and the respective repository can be seen in the following table:

Component Repository Owner
AMOE - Assessment and Management of Organisational Evidence Components/amoe Fabasoft
MARI - Mapping Assistant for Regulations with Intelligence Components/mari CNR
AI-SEC - AI Security Evidence Collector Components/ai-sec FhG_AISEC
CLDISC - Clouditor-Discovery Components/discovery FhG_AISEC
CODYZE - Codyze Components/codyze FhG_AISEC
EKNOWS-e3 - eKNOWS evidence extractor [1] Components/eknows SCCH
RCM - Repository of Controls and Metrics Components/rcm Tecnalia
TWS - Trustworthiness System [2] - Tecnalia
ORCH - Clouditor-Orchestrator Components/orchestrator FhG_AISEC
ESTORE - Clouditor-Evidence Store Components/evidence-estore FhG_AISEC
ASSESS - Clouditor-Assessment Components/assessment FhG_AISEC
EVAL - Clouditor-Evaluation Components/evaluation FhG_AISEC
UI-UX - User Interface and Experience Components/UI-UX KNOW

[1] The "core" module of eKnows-e3 is proprietary, and it won't be made public. For more information contact [Stefan.Schoeberl@scch.at]
[2] TWS is a proprietary component. For more information contact [cristina.regeiro@tecnalia.com]

Contact

Juncal Alonso, EMERALD project manager, TECNALIA [Juncal.Alonso@Tecnalia.com]

Acknowledgement

EU FLAG This project has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 101120688.
(INTERNAL INFO) -- Uniform design for component repos --

README: Each repo must include a README file with the following sections

  • Description of the component
  • Installation
  • Documentation (point to)
  • License
  • Contact
  • Acknowledgement