EMERALD and CERTIFAI projects explore possible areas of joint work

EMERALD and CERTIFAI projects explore possible areas of joint work

On March 22, 2024 representatives from EMERALD and CERTIFAI projects joined to set up the way of collaboration. Both projects were approved under the same topic (HORIZON-CL3-2022-CS-01-04 Development and validation of processes and tools used for agile certification of ICT products, ICT services and ICT processes), therefore they can be considered as “sister” projects.

EMERALD (Evidence Management for Continuous Certification aEMERALD Primary Logo RGB s a Service in the Cloud, https://emerald-he.eu) focuses on Continuous Cloud Certification-as-a-service (CaaS) to tackle the complexities of certifying cloud-based services. The project addresses key challenges such as technology interoperability, the adoption of cloud and edge computing, regulatory compliance, market fragmentation, and the integration of intelligent tools. EMERALD’s solution comprises two proofs of concept: composite certification and the mapping of requirements to forthcoming AI certification schemes, aiming to facilitate agile monitoring and assessment processes as outlined by the EU Cybersecurity Act certifications.

CERTIFAI (Agile conformance assessment forcertifai-logo cybersecurity CERTIFication enhanced by Artificial Intelligence, https://certifai.info/) endeavours to create an open software framework employing AI-driven, cost-efficient continuous assessment and (re-)certification methods specifically tailored for ICT products, processes, and services. This proactive approach addresses the evolving cybersecurity landscape by ensuring robust compliance throughout the product life cycle. By harnessing the power of artificial intelligence, this framework aims to provide a cost-effective and adaptive solution.

During the meeting, we discovered that both projects plan to use the OSCAL framework; in the case of EMERALD for the definition of the certification scheme requirements in the Repository, and in the case for CERTIFAI for making use of different NIST standards. Another detected synergy is the involvement of both actions in the Ad-Hoc Working Group on Artificial Intelligence Cybersecurity and related achievements on this respect.

Finally, during the meeting we also had the opportunity to discuss about the creation of a task force bringing together all “sister” projects on the HORIZON-CL3-2022-CS-01-04 topic, with the aim of fostering collaboration among existing research initiatives, organising focus workshops and sharing experiences. The next steps will revolve around this way of collaboration and to start defining a timetable for joint actions.