Documentation for CORAL

This page includes all the documentation and documents around the CORAL Project. Every milestone deliverable will be found in this list, ordered ascendingly with the oldest document first and the newest last.

Document Link

Start of the Art

This Document presents a repository of categories of requirements or considerations from widely accepted published standards, literature, and guidelines to serve as a source of generic requirements and recommendations for basic levels of security in low-complexity and low-risk products, services, and processes.


Identification of the CSA-basic target audience and technical requirements

This document focuses on the identification of CSA's basic target audience, the definition of low-complexity products, services, and the identification of technical scopes. The former will be dedicated to the identification of the category of ICT services, ICT products, etc. that could be concerned by the certification being designed and the latter will be dedicated to the identification of the main domains of technical inquiry needed to cover all the baseline of information security and cybersecurity.


Evaluation Questionnaire for ICT Services, ICT Processes, and ICT Products

This document focuses on the list of questions and corresponding recommendations for self-assessment and basic assurance. The questionnaire cover domains such as ICT services, ICT processes, and ICT products. For ICT products, there are two sets of questionnaires covering Web application products and generic products.


Feedback form for Fit4CSA v1.0

This document contains feedback questions related to the first version of the Fit4CSA tool. The purpose is to gain feedback during the feasibility study phase about the way the formulations of the questions, answers and recommendations, as well as to gather reactions to the proposed Fit4CSA flow.


CORAL Methodology and Conformity Assessment Guidance v1.0

This CORAL project deliverable describes the CORAL overall methodology related to conformity assessment, how the Fit4CSA tool integrates in this methodology, and its scoring scale. An auditor profile is also proposed with respect to the methodology proposed.