Analysis of recommended cloud security controls to validate OpenPMF "policy as a service"
Information Security Tech. Report
| Hi-index | 0.00 |
Assurance accreditation of agile, interconnected IT landscapes is a great challenge, and is currently often cited as one of the show-stoppers for the adoption of modern IT architectures (e.g. agile, model-driven, process-led SOA and Cloud) in mission critical domains. This paper presents Model Driven Security Accreditation (MDSA), a novel approach for automating large parts of the compliance and assurance accreditation management processes (e.g. Common Criteria) to achieve reduced cost / effort, and increased reliability / traceability. MDSA is related to Model Driven Security (MDS), an approach that automatically generates fine-grained technical security rules from intuitive, generalized security policy models. MDSA automatically analyzes and documents two main compliance aspects: 1) Does the actual security match with the stated requirements? MDSA is a system and method for managing and analyzing security and information assurance requirements in reusable models, and for (mostly) automating the verification of the traceable correspondence between functional models, security models, and requirements models. 2) Do any changes impact the current accreditation? MDSA automatically identifies changes to any aspect of the "system of systems", and evaluates whether changes impact the current accreditation and whether manual corrections and re-accreditation are required.