European Secure Cloud Label (ESCloud Label)
BSI has developed a label for Cloud Security - the ESCloud Label - together with ANSSI (L’Agence Nationale de la Sécurité des Systèmes d’information). In the long-term, fruitful cooperation between the two authorities, a great mutual trust grew and the perception of the conformity in the field of cybersecurity. This lead to the creation ot the ESCloud Label.
Both BSI and ANSSI work on standards for information security in cloud computing and their verification. The catalogue C5 (Cloud Computing Compliance Controls Catalogue) of BSI can already be used and ANSSI is currently establishing its own certification according to its standard "SecNumCloud". Even though both approaches and procedures are very different, there is great consistency in the targeted security level.
Cloud service providers offer their services internationally in several markets. Therefore, national approaches for certification and assurance are of limited use to them. National cyber security authorities can usualy only set national standards, even if other countries use them too. The ESCloud Label provides a solution to this divergence. With this, the national safety certificates are combined under one roof and made comparable, so that national certificates are also of benefit in international markets.
The ESCloud Label stands for the security level targeted by BSI and ANSSI and documents its fulfillment. The requirements for information security are defined in the Core Principles.
In order to obtain the ESCloud Label, a security certificate the label is based on must be hold by the applicant whereby boundary conditions may still have to be adhered to. In this case a cloud service provider can apply for the label free of charge and thus also appear on the markets in the respective other country and across Europe.
BSI and ANSSI have set up the "ESCloud Working Group" for the organization, development and governance of the label by signing a Memorandum of Understanding. The working group has been designed to include other national cyber security agencies as members to promote the label's base in Europe.
- European Secure Cloud (ESCloud) - Memorandum of Understanding (PDF, 1MB, File is accessible)
- European Secure Cloud (ESCloud) - Annex B (PDF, 590KB, File is accessible)