The European Cybersecurity Certification Scheme for Cloud Services (EUCS) is an initiative to establish a unified certification process for cloud services across the EU. Cloud services and associated managed services are critical to most government and business functions, and the EU follows the example of other jurisdictions in focusing explicitly on this area of cybersecurity with the EUCS framework.

This article aims to discuss the framework of EUCS and explore the practical implications of this scheme for cloud service providers and their users. 

Read More

StateRAMP is based on the FedRAMP standard, which means that it uses a similar set of documents and requirements to assess and authorize cloud service providers. One of the key documents of both StateRAMP and FedRAMP is the System Security Plan (SSP), which represents the provider’s security controls, compliance perimeter, and capabilities. 

In Revision 5, StateRAMP has seemingly moved from the traditional SSP toward an “operational control matrix,” or systematized document outlining the same information. Here, we’ll cover the SSP/control matrix and what it represents for the provider during StateRAMP authorization. 

Read More

StateRAMP, much like FedRAMP, includes a series of documents that the cloud provider and their 3PAO must complete before they are fully authorized. These documents align with several stages of the assessment process and provide regulating authorities with the proof they need to see that the cloud offering meets requirements. 

Here, we summarize the documents you must complete as part of your StateRAMP assessment process.

Read More