The SPHINX Automated Cybersecurity Certification (ACC) component provides a solution for conducting automated and continuous cybersecurity certification of systems and software components. Using existing cybersecurity frameworks and guidelines such as ISO27001, ISO27701, HIPAA, GDPR and NIST800-53, and following the EU Cybersecurity Certification Framework, the component aims to provide auditing to certify components newly entering systems that could carry various security risks. Auditing is the core process and includes a set of rulesets that represent the existing cybersecurity guidelines, policies and frameworks related to auditing processes.
This document presents the detailed design for the SPHINX ACC component, following the component’s introduction in the SPHINX architecture deliverable (D2.6 - SPHINX Architecture v2). It expands on the details of the component, including the cybersecurity framework, policies and guidelines that the certification process will follow, as well as the technical aspects and key aspects included in the component.
The deliverable is publicly available in the dedicated SPHINX community on the Zenodo repository: https://zenodo.org/record/3935831#.XwXTyCgzZPY