wiki

Changes

Policy (view source)

Revision as of 09:44, 11 December 2024

7,996 bytes added ,  09:44, 11 December 2024
no edit summary
Line 1: Line 1:  +
 
{{Cloud Information Centre - Government of Canada}}
 
{{Cloud Information Centre - Government of Canada}}
 +
<b>
 +
</b>
 +
<!-- NAV -->
 +
<!-- Columns -->
   −
= '''POLICY INSTRUMENTS''' =
+
{| width="100%" cellpadding="10"
 
  −
The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.
  −
 
  −
Strategic Plan
  −
 
  −
Digital Operations Strategic Plan: 2018-2022
  −
 
  −
Government of Canada Strategic Plan for Information Management and Information Technology 2017-2021
  −
 
  −
Government of Canada Cloud Adoption Strategy: 2018 update
  −
 
  −
Policy and Directive
  −
 
  −
Policy on Service and Digital
  −
 
  −
Directive on Service and Digital
  −
 
  −
Policy on Management of Information Technology
  −
 
  −
Policy Framework for Information and Technology
  −
 
  −
Policy on Information Management
  −
 
  −
Directive on Automated Decision-Making
  −
 
  −
Standards and Guidelines
  −
 
  −
Digital Standards
  −
 
  −
Standards on Application Programming Interfaces (APIs)
  −
 
  −
Government of Canada right cloud selection guidance
  −
 
  −
Government of Canada cloud security risk management approach and procedures
  −
 
  −
Government of Canada Security Control Profile for Cloud-based GC Services
  −
 
  −
Government of Canada White Paper: Data Sovereignty and Public Cloud
  −
 
  −
Security and identity management guidance
  −
 
  −
Directives, standards, guidelines and publications related to security
  −
 
  −
Secure use of cloud services
  −
 
  −
How to put in place secure cloud solutions.
  −
 
  −
Recommended controls for cloud-based services
  −
 
  −
How to secure, manage, and use cloud services.
  −
 
  −
Using electronic signatures
  −
 
  −
Guidance on using electronic signatures in support of the GC’s day-to-day business activities.
  −
 
  −
Secure electronic signature regulations
  −
 
  −
Getting a valid electronic signature.
  −
 
  −
Public key infrastructure
  −
 
  −
Guideline on creating public keys for secure identity management
     −
Password management guidance
+
|width="90%" style="color: black;" align="right" |
 +
<!-- COLUMN 1 STARTS: -->
 +
[[Template: Politique|Français]]
 +
<!-- COLUMN 1 ENDS: -->
 +
|width="10%" style="color: black; align=center" |
   −
How government services should manage user passwords
+
<!-- COLUMN 2 STARTS: -->
   −
Privacy Impact Assessment Summaries
+
<!-- COLUMN 2 ENDS: -->
   −
Privacy Impact Assessments (PIAs)
+
<!-- Columns -->
 +
|}
   −
Choosing the right cloud service
+
{| width="100%" cellpadding="10"
 +
|-valign="top"
   −
Find out which cloud deployment model is right for your organization.  
+
|width="50%" style="color: black;" |
 +
<!-- COLUMN 1 STARTS: -->
 +
[[Image:Governance.jpg|250x250px|center |link=Governance]]
 +
<!-- COLUMN 1 ENDS: -->
 +
|width="50%" style="color: black;" |
 +
<!-- COLUMN 2 STARTS: -->
 +
[[Image:Cic.jpg|center|250x250px |link=GC_Cloud_Infocentre]]
 +
<!-- COLUMN 2 ENDS: -->
 +
|}
 +
<span style="font-family: Century Gothic; font-size: 28pt;"><font color="#9F000F;">Policy Instruments</font><span>
   −
Data residency requirements
+
<big><big>The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.
 +
<br><br>
 +
== Strategic Plan ==
 +
* [https://www.canada.ca/en/government/system/digital-government/digital-operations-strategic-plan-2018-2022.html Digital Operations Strategic Plan: 2018-2022]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/strategic-plan-information-management-information-technology.html Government of Canada Strategic Plan for Information Management and Information Technology 2017-2021]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-cloud-adoption-strategy.html Government of Canada Cloud Adoption Strategy: 2018 update]
   −
Understand the Government of Canada’s requirements for the storage of data within Canada.
+
== Policy and Directive ==
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32603 Policy on Service and Digital]
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32601 Directive on Service and Digital]
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32601 Policy on Management of Information Technology]
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32601 Policy Framework for Information and Technology]
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12742 Policy on Information Management]
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32592 Directive on Automated Decision-Making]
   −
Secure use of cloud services  
+
== Standards and Guidelines ==
 +
* [https://www.canada.ca/en/government/system/digital-government/government-canada-digital-standards.html Digital Standards]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/government-canada-standards-apis.html Standards on Application Programming Interfaces (APIs)]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-right-cloud-selection-guidance.html Government of Canada right cloud selection guidance]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Government of Canada cloud security risk management approach and procedures]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-security-control-profile-cloud-based-it-services.html Government of Canada Security Control Profile for Cloud-based GC Services]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Government of Canada White Paper: Data Sovereignty and Public Cloud]
 +
* [https://www.canada.ca/en/treasury-board-secretariat/services/access-information-privacy/security-identity-management.html Security and identity management guidance - Directives, standards, guidelines and publications related to security]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Secure use of cloud services] - How to put in place secure cloud solutions.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-security-control-profile-cloud-based-it-services.html Recommended controls for cloud-based services] - How to secure, manage, and use cloud services.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-security-control-profile-cloud-based-it-services.html Using electronic signatures]- Guidance on using electronic signatures in support of the GC’s day-to-day business activities.
 +
* [https://www.canada.ca/en/government/system/digital-government/online-security-privacy/government-canada-guidance-using-electronic-signatures.html Secure electronic signature regulations] - Getting a valid electronic signature.
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=20008 Public key infrastructure ] - Guideline on creating public keys for secure identity management
 +
* [https://www.canada.ca/en/government/system/digital-government/password-guidance.html Password management guidance ] - How government services should manage user passwords
 +
* [https://www.canada.ca/en/revenue-agency/services/about-canada-revenue-agency-cra/protecting-your-privacy/privacy-impact-assessment.html Privacy Impact Assessment Summaries] - Privacy Impact Assessments (PIAs)
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-right-cloud-selection-guidance.html Choosing the right cloud service] - Find out which cloud deployment model is right for your organization.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-electronic-data-residency.html Data residency requirements] - Understand the Government of Canada’s requirements for the storage of data within Canada.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Secure use of cloud services] - How to put in place secure cloud solutions.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Risk-management for cloud-based services] - Protect cloud services by ensuring that the proper security controls are in place.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Data sovereignty in cloud environments] - Assessing the risks of foreign governments accessing Canadian data in the cloud.
   −
How to put in place secure cloud solutions.
+
== Cloud Security ==
   −
Risk-management for cloud-based services
+
===  Policies and Standards ===
 +
::*    [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12755 Policy on Management of Information Technology]
 +
::* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578 Policy on Government Security]
 +
::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-electronic-data-residency.html Direction for Electronic Data Residency, ITPIN No: 2017-02]
 +
::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN)]
   −
Protect cloud services by ensuring that the proper security controls are in place.
+
=== Guidance ===
 +
::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-computing/government-canada-security-control-profile-cloud-based-it-services.html Government of Canada Security Control Profile for Cloud-Based GC IT Services]
 +
::* [https://cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-government-canada-itsg-22 Government of Canada Cloud Security Risk Management Approach and Procedures]
 +
::* [https://cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-government-canada-itsg-22 CCCS ITSG-22 Baseline Security Requirements for Network Security Zones in the Government of Canada]
 +
::* [https://cyber.gc.ca/en/guidance/network-security-zoning-design-considerations-placement-services-within-zones-itsg-38 CCCS ITSG-38 Network Security Zoning - Design Considerations for Placement of Services within Zones]
 +
::* [https://cyber.gc.ca/en/guidance/user-authentication-guidance-information-technology-systems-itsp30031-v3 CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems]
 +
::* [https://nam06.safelinks.protection.outlook.com/?url=https://www.cse-cst.gc.ca/en/node/1830/html/26507&data=02|01|Jamie.Hart@microsoft.com|7503434d3e8c4c8cc23808d68d7d1039|72f988bf86f141af91ab2d7cd011db47|1|0|636851965624128440&sdata=TDPmXQvqrn0jGPdERr3KmlsTo0WJVu646TgUe8ZpxNg%3D&reserved=0 CCCS ITSP.40.062 Guidance on Securely Configuring Network Protocols]
 +
::* [https://cyber.gc.ca/en/guidance/cloud-service-provider-information-technology-security-assessment-process-itsm50100 CCCS ITSM.50.100 Cloud Service Provider Information Technology Security Assessment Process]
 +
::* [https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/cloud-services/guideline-cloud-authentication.html Guideline on Cloud Authentication]
 +
::* [https://intranet.canada.ca/wg-tg/rtua-rafu-eng.asp Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain]
 +
::* [https://www.gcpedia.gc.ca/gcwiki/images/e/e3/GC_Event_Logging_Strategy.pdf GC Event Logging Strategy (Draft)]
 +
::* [https://www.gcpedia.gc.ca/gcwiki/images/5/5f/GC_Cloud_Event_Management_Standard_Operating_Procedure.pdf Standard Operating Procedure for GC Cloud Event Management]
 +
::* [https://www.gcpedia.gc.ca/gcwiki/images/a/a8/Security_Playbook_for_Information_System_Solutions.pdf Security Playbook for Information System Solutions]
   −
Data sovereignty in cloud environments
+
=== Tools & Templates ===
   −
Assessing the risks of foreign governments accessing Canadian data in the cloud.
+
::* https://gccode.ssc-spc.gc.ca/GCCloudEnablement
<multilang>
+
::*    https://github.com/canada-ca/accelerators_accelerateurs-azure
@en|__NOTOC__
+
::* https://github.com/canada-ca/accelerators_accelerateurs-aws
   −
</multilang>
+
== Cloud Security Initiative ==
 +
Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security initiative  [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative Cloud Security Initiative]
 +
</big></big>
 
{{GC Cloud Information Centre Footer}}
 
{{GC Cloud Information Centre Footer}}
 +
__FORCETOC__
Retrieved from "https://wiki.gccollab.ca/Special:MobileDiff/16239...128711"