Documentation for CORAL

This page includes all the documentation and documents around the CORAL Project. Every milestone deliverable will be found in this list, ordered ascendingly with the oldest document first and the newest last.

Document Link
1

State of the Art v1.1

This document presents a repository of categories of requirements or considerations from widely accepted published standards, literature, and guidelines to serve as a source of generic requirements and recommendations for basic levels of security in low-complexity and low-risk products, services, and processes.

2

Identification of the CSA-basic target audience and technical requirements

This document focuses on the identification of CSA's basic target audience, the definition of low-complexity products, services, and the identification of technical scopes. The former will be dedicated to the identification of the category of ICT services, ICT products, etc. that could be concerned by the certification being designed and the latter will be dedicated to the identification of the main domains of technical inquiry needed to cover all the baseline of information security and cybersecurity.

3

Evaluation Questionnaire for ICT Services, ICT Processes, and ICT Products

This document focuses on the list of questions and corresponding recommendations for self-assessment and basic assurance. The questionnaire cover domains such as ICT services, ICT processes, and ICT products. For ICT products, there are two sets of questionnaires covering Web application products and generic products. *v1.0 published on 02/11/22, updated to v1.1 on 01/12/2023.

4

Feedback form for Fit4CSA v1.0

This document contains feedback questions related to the first version of the Fit4CSA tool. The purpose is to gain feedback during the feasibility study phase about the way the formulations of the questions, answers and recommendations, as well as to gather reactions to the proposed Fit4CSA flow.

5

Feasibility study results v1.0

This document contains feedback received during our initial feasibility study, related to the usage of the Fit4CSA tool and the overall CORAL approach. The purpose of the study was to gather first impressions of a small base of users and adapt the tool accordingly, whenever deemed appropriate.

6

CORAL Methodology and Conformity Assessment Guidance v1.1

This CORAL project deliverable describes the CORAL overall methodology related to conformity assessment, how the Fit4CSA tool integrates in this methodology, and its scoring scale. An auditor profile is also proposed with respect to the methodology proposed.

7

CSA impact on EU legislation Report v1.0

This CORAL extra deliverable gives an overview of the relationship between the CSA certification framework and cybersecurity requirements in the current EU regulatory landscape.

8

CSA impact on CSIRTs in Europe v1.0

This CORAL extra deliverable overviews the impact of the Cybersecurity Act over the functioning of CSIRTs in Europe.

9

List of publications v1.1

List of publications as part of the CORAL project. This document is not a CORAL deliverable.

10

Milestone 11 Supporting Document v1.0

Report supporting the contribution of the CORAL project to a common level of maturity in cybersecurity certification. This document is not a CORAL deliverable.