We present a test-based assurance scheme aimed at incremental security certification. Our scheme assesses the impact of changes at cloud, system, and certification methodology levels on existing certification processes. The proposed solution minimizes the risk of unnecessary certificate revocation and reduces as much as possible the amount of re-certification activities. To this aim, it reuses evidence available in existing certificates to re-validate them when relevant changes are observed.