<b>Ensure Secure Access to Systems and Services</b>
<b>Ensure Secure Access to Systems and Services</b>
−
* Identify and authenticate individuals, processes and/or devices (including Cloud accounts) to an appropriate level of assurance, based on clearly defined roles, before granting access to information and services. Leverage enterprise services such as Government of Canada trusted digital identity solutions that are supported by the Pan-Canadian Trust Framework; where custom authentication services are needed, use modern password guidance from GC Cyber
+
* Identify and authenticate individuals, processes and/or devices to an appropriate level of assurance, based on clearly defined roles, before granting access to information and services. Leverage enterprise services such as Government of Canada trusted digital identity solutions that are supported by the [https://github.com/canada-ca/PCTF-CCP Pan-Canadian Trust Framework].
−
* For hybrid Cloud architectures, follow applicable GC cybersecurity and SSC guidance to secure the Cloud-to-ground connectivity.
+
* Constrain service interfaces to authorized entities (users and devices), with clearly defined roles. Segment and separate information based on sensitivity of information, in alignment with [https://cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-government-canada-itsg-22 ITSG-22] and [https://cyber.gc.ca/en/guidance/network-security-zoning-design-considerations-placement-services-within-zones-itsg-38 ITSG-38]. Management interfaces may require increased levels of protection.
−
* Ensure designs include measures to audit and monitor access to systems and services
+
* Implement [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/policy-implementation-notices/implementing-https-secure-web-connections-itpin.html HTTPS] for secure web connections and [https://cyber.gc.ca/en/guidance/implementation-guidance-email-domain-protection DMARC] for enhanced email security.
+
* Establish secure interconnections between systems through secure [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32604 APIs] or leveraging centrally managed Hybrid IT connectivity services.