Posted on

UBITECH kicks-off CERTIFAI Innovation Action on agile conformance assessment for AI-driven cybersecurity certification

UBITECH participates at the kick-off meeting hosted by TECNALIA (September 6 & 7, 2023) in Bilbao, Spain of the CERTIFAI Innovation Action, officially started on September 1st, 2021. The project is funded by the European Commission (Grant Agreement No. 101120606) and spans on the period September 2023 – August 2026. The CERTIFAI project will develop an open software framework for cost-effective AI-driven continuous assessment and (re-)certification of ICT products and services, paving the way for a more secure and trustworthy EU’s digital world. Building on the EU Cybersecurity Act, CERTIFAI will leverage the established cybersecurity requirements, standards, and technical specifications to deliver an efficient approach for ensuring that a product, once certified, will continue to be compliant with relevant standards throughout its life cycle.

Within CERTIFAI, UBITECH designs and develops the AI-driven Certification Framework, implementing the methodology for agile cybersecurity conformance assessment. The framework will enable checking the ratio of compliance based on the artifacts defined by the use cases and the evidence generated across various phases of the Software/System Development Life Cycle (SDLC) process involved in the development of non-AI and AI-based ICT products and services.

The framework provides a graph-based interface for defining the artifacts and a dashboard for displaying the evidence. Taking these as inputs and based on the software/system criticality level, it analyzes the compliance of the overall product or a service and provides the percentage of compliance of the artifacts, assessing the certification capabilities of the developed non-AI and AI ICT products and services, taking also into account the guidelines and recommendations of the related standards and regulations, such as IEC 62443-4-1, IEC 62443-4-2, EC 62443-2-4 (IEC TS 62443-6-1 for its evaluation), EU Cyber Resilience Act and EU Artificial Intelligence Act.

UBITECH will develop the framework by modifying and extending its OLISTIC risk assessment framework to introduce the necessary functionality and will lead its integration with the artifacts developed in the project.