EMERALD’s mission is to provide a user-friendly framework to help stakeholders in the cybersecurity field efficiently manage certifications, enhancing the security and effectiveness of cloud service usage. The proposed EMERALD environment will be the foundation for defining a new service for assisting the certification process that we named Certification-as-a-Service (CaaS).
With EMERALD, we expect to significantly decrease the time needed to re-certify, select and evaluate new cloud-based services and to facilitate the integration of new services that are not on premise but offered by different and also smaller providers.
...
...
@@ -23,7 +23,7 @@ The EMERALD approach can be summarized as follows:
- A graph-based structure (the **certification graph**) consolidates all necessary information of the service in a uniform way and makes it ready for queries.
- The audit suite **assesses and evaluates chosen metrics** based on information provided by the certification graph while providing **interoperability to other assessment tools** (e.g., based on OSCAL) during the whole life-cycle of the cloud service.
{width=90%}
![COMPONENTS](EMERALD_Diagram.svg"EMERALD 'Certification-as-a-Service Framework' with pilots"){width=90%}
Main EMERALD users are:
- Compliance managers
...
...
@@ -44,7 +44,7 @@ Three [tags] **M12**, **M24**, **M30** define the versions delivered in the thre
## Components
The EMERALD CaaS framework is composed by several components:
{width=100%}
![COMPONENTS](EMERALD_Components.svg"EMERALD architecture and components"){width=100%}
The list of tools and the respective repository can be seen in the following table:
