COMPAAS

Detailed description of project  

COMPaaS-EU addresses the escalating threat landscape identified in ENISA’s 2024 reports by delivering a modular, cross-border Compliance-as-a-Service (COMPaaS) framework designed to harmonize technical resilience with the complex regulatory requirements of NIS2, CRA, and DORA. The project orchestrates advanced toolsets from OBR, PRV, and the EUDOROS platform to protect high-criticality infrastructure across three pr Offshore imary sectors: Telecom (OTE), Public Administration supply chains (DOT), and Maritime/operations (MMS). By integrating automated vulnerability scanning, real-time incident monitoring via the Swordfish platform, and specialized cyber-range training, the initiative aims to reduce risk exposure by at least 20% while safeguarding essential assets such as billing systems, Smart City IoT gateways, and port supervisory components. Beyond technical deployment, COMPaaS-EU fosters an inter-sectoral sharing culture through structured threat intelligence (STIX/MISP) and produces a comprehensive Replicability Toolkit to ensure long-term alignment with EU policy goals and facilitate the adoption of standardized preparedness practices by Priority Entities across the Member States. 

 

Type and scope of work provided  

The COMPaaS-EU project provides an integrated cybersecurity framework that harmonizes technical resilience with regulatory compliance across high-criticality EU sectors. 

Type and Scope of Work 

  • Modular Framework Design: Developing a cross-sectoral Compliance-as-a-Service (COMPaaS) approach by orchestrating OBR, PRV, and EUDOROS capabilities to ensure continuous NIS2 compliance. 
  • Sector-Specific Validation: Operationally evaluating the framework across three high-criticality pilots: Maritime (Multimarine), Telecom (OTE), and Public Administration supply chains (DOTSOFT). 
  • Infrastructure Protection: Securing diverse IT/OT assets, including national telecom billing systems, Smart City IoT gateways, and offshore port supervisory components (SCADA). 
  • Security Testing & Enhancement: Conducting baseline and post-enhancement vulnerability scanning, penetration testing, and risk assessments with a target of >25% reduction in critical findings. 
  • Advanced Monitoring: Deploying real-time incident detection using Swordfish MDR and EUDOROS agents to reduce time-to-detect (MTTD) and time-to-respond (MTTR) by 20%. 
  • Role-Based Training: Delivering general cyber hygiene, specialized SOC workflows, and EUDOROS cyber-range simulations for technical and administrative staff. 
  • Information Sharing: Establishing standardized threat intelligence exchange (using STIX/MISP) and producing a Replicability Toolkit for future adoption by EU Priority Entities. 

 

The project is funded by Eudoros.  

Eudoros is supported by the European Union under GA No 101158605.  

This project is supported by the European Cybersecurity Competence Centre and its 

Members. 

Recent Projects

AiDIANA

Detailed description of project   The aiDIANA (AI-DrIven wAste maNAgement) project proposes the design, development, and 9-month experimentation of an...

cleverEATER

Detailed description of project   cleverEATER (clever E-wAsTE Recovery) is a nine-month socio-technical experimentation project that takes place in Prijedor,...

MARCO

Detailed description of project   MARCO (sMart pAths for gReener sChoOls) is a nine-month socio-technical experimentation in Pilsen designed to...

SmartLINA

Detailed description of project   smartLINA is a nine-month pilot project designed to scale citizen engagement in Issy-les-Moulineaux’s Zero...

Innovation Start Hub