Changes

Jump to navigation Jump to search
Created page with "<div class="center"><div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">File:JoinusonGCconnex.png|link=https://gcconnex.gc.ca/groups/profile/278554..."
<div class="center"><div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">[[File:JoinusonGCconnex.png|link=https://gcconnex.gc.ca/groups/profile/2785549/gc-enterprise-security-architecture-gc-esa]]<br />[[File:ESAcontactus.png|link=mailto:ZZTBSCYBERS@tbs-sct.gc.ca]]</div>
[[File:GOC ESA.jpg|center|link=https://www.gcpedia.gc.ca/wiki/Government_of_Canada_Enterprise_Security_Architecture_(ESA)_Program]]
<div class="center">
{| style="border: 2px solid #000000; border-image: none;" width="1000px"
|-
! style="background: #e1caf7; color: black" width="175px" scope="col" " | [[Government of Canada Enterprise Security Architecture (ESA) Program|ESA Program Overview]]
! style="background: #e1caf7; color: black" width="125px" scope="col" " | [[ESA Backgrounder (Strategy)|ESA Foundation]]
! style="background: #e1caf7; color: black" width="125px" scope="col" " | [[ESA Requirements|ESA Artifacts]]
! style="background: #e1caf7; color: black" width="125px" scope="col" " | [[ESA Initiatives|ESA Initiatives]]
! style="background: #e1caf7; color: black" width="125px" scope="col" " | [[ESA Tools and Templates]]
! style="background: #C495F0; color: black" width="125px" scope="col" " | [[GC ESA Artifact Repository|ESA Reference Materials]]
! style="background: #e1caf7; color: black" width="100px" scope="col" " | [[ESA Glossary| Glossary]]
|}
{| style="border-bottom: #000000 2px solid; border-left: #000000 2px solid; border-right: #000000 2px solid" width="1000px"
|-
! style="background: #9a9af8; color: black" width="18%" scope="col" | [[GC ESA Artifact Repository|ESA Artifact Repository]]
! style="background: #c2c2fa; color: black" width="16%" scope="col" | [[GC Threat Assessments - Repository| GC Threat Assessment Repository]]
! style="background: #c2c2fa; color: black" width="12%" scope="col" | [[GC Security Assessments - Repository|GC Security Assessment Repository]]
! style="background: #c2c2fa; color: black" width="18%" scope="col" | [[Emerging Technologies]]
! style="background: #c2c2fa; color: black" width="16%" scope="col" | [[Other Resources]]
|} </div></div>

{{TOCright}}

== GC ESA Artifacts ==
[[Media:GC ESA Program Charter.pdf|GC ESA Program Charter]] -- [[ESA Program Charter|<u>'''Synopsis'''</u>]] // [[Media:Charte du programme.pdf| Charte du programme de l'ASI du GC]]

[[Media: GC ESA Program Implementation Framework.pdf|GC ESA Program Implementation Framework]] -- [[ESA Program Implementation Framework|<u>'''Synopsis'''</u>]]

[[Media:GC ESA Framework.pdf|GC ESA Framework]] -- [[ESA Framework|<u>'''Synopsis'''</u>]]

[[Media:GC ESA Backgrounder.pdf|GC ESA Backgrounder]] -- [[ESA Backgrounder (Strategy)|<u>'''Synopsis'''</u>]]

[[Media:GC ESA Vision and Strategy.pdf|GC ESA Vision and Strategy]]

[[Media:GC ESA Enterprise Threat Assessment for Executives.pdf|GC ESA Enterprise Threat Assessment - January 2017 Update]]

[[Media:GC ESA Requirements Database Overview.pdf|GC ESA Requirements Database Overview]]

[[Media:GC ESA Architectural Needs Report.xlsx|GC ESA Architectural Needs]]

GC ESA System Requirements Traceability Matrix

GC ESA Security Controls Mapping Matrix

[[Media:Mobile Device Security Considerations Discussion Paper.pdf|Mobile Device Security Considerations Discussion Paper]]

[[Media:GC ESA - PALL-PBMM Security Control Profile Analysis.pdf|GC ESA PALL-PBMM Security Control Profile Analysis]]

[[Media:GC ESA Security Guide for Installation of Interconnections.docx|GC ESA Security Guide for Installation of Interconnections]]

=== ''GC ESA Concept of Operations'' ===
[[Media:GC Enterprise Security ConOps.pdf|GC ESA ConOps Main Body]] -- '''[[ESA Security ConOps|<u>Synopsis</u>]]'''

[[Media:GC Enterprise Security ConOps - ANNEX A DLP.pdf|GC ESA ConOps Annex A: Data Loss Prevention]] -- '''<u>[[Annex A: Data Loss Prevention|Synopsis]]</u>'''

[[Media:GC Enterprise Security ConOps - ANNEX B Cloud Security.pdf|GC ESA ConOps Annex B: Cloud Security]] -- '''<u>[[Annex B: Cloud Security|Synopsis]]</u>'''

[[Media:GC ESA ConOps - ANNEX C Secure Enterprise Application Delivery.pdf|GC ESA ConOps Annex C: Secure Enterprise Application Delivery]] -- '''<u>[[Annex C: Secure Enterprise Application Delivery|Synopsis]]</u>'''

[[Media:GC ESA ConOps - ANNEX D Secure Enterprise Systems Administration.pdf|GC ESA ConOps Annex D: Secure Enterprise Systems Administration]] -- '''<u>[[Annex D: Secure Enterprise Systems Administration|Synopsis]]</u>'''

[[Media:GC ESA ConOps - ANNEX E GC Enterprise VMS.pdf|GC ESA ConOps Annex E: Vulnerability Management System]] -- '''<u>[[Annex E: Vulnerability Management System|Synopsis]]</u>'''

===''GC ESA Description Documents'' ===
[[Media:GC ESA Description Document (ESADD) - Main Body.pdf|GC ESA Description Document Main Body]] -- [[ESA Architecture Description Document (ESADD)|<u>'''Synopsis'''</u>]]

[[Media:GC ESA Description Document (ESADD) - ANNEX A END.pdf|GC ESA Description Document Annex A - Endpoint Security (END)]] -- <u>'''[[Annex A: Endpoint Security|Synopsis]]'''</u>

[[Media:GC ESA Description Document (ESADD) - ANNEX B DAT.pdf|GC ESA Description Document Annex B - Data Security (DAT)]] -- <u>'''[[Annex B: Data Security|Synopsis]]'''</u>

[[Media:GC ESA Description Document (ESADD) - ANNEX C NCS.pdf|GC ESA Description Document Annex C - Network and Communications Security (NCS)]] -- <u>'''[[Annex C: Network and Communications Security|Synopsis]]'''</u>

[[Media:GC ESA Description Document (ESADD) - ANNEX D OPS.pdf|GC ESA Description Document Annex D - Security Operations (OPS)]]

[[Media:GC ESA Description Document (ESADD) - ANNEX E APP.pdf|GC ESA Description Document Annex E - Application Security (APP)]]

[[Media:GC ESA Description Document (ESADD) - ANNEX F CSS.pdf|GC ESA Description Document Annex F - Compute and Storage Services Security (CSS)]]

=== ''GC ESA Pattern Diagrams & Use Cases'' ===
[[Endpoint Security|GC ESA END Pattern Diagrams and Use Cases]]

[[Data Security|GC ESA DAT Pattern Diagrams and Use Cases]]

[[Network and Communications Security|GC ESA NCS Pattern Diagrams and Use Cases]]

[[Security Operations|GC ESA OPS Pattern Diagrams and Use Cases]]

[[Application Security|GC ESA APP Pattern Diagrams and Use Cases]]

[[Compute and Storage Services Security|GC ESA CSS Pattern Diagrams and Use Cases]]

== GC ESA Initiatives ==

'''Cloud Security'''
<br>
[[Media:GC Cloud Security Risk Management Approach and Procedures - EN.pdf|GC Cloud Security Risk Management Approach and Procedures]] // [[Media:Approche et procédures de gestion des risques liés à la sécurité de l’informatique en nuage - FR.pdf|Approche et procédures de gestion de risque de la sécurité de l’informatique en nuage]]
[[Media:GC Cloud Profile PBMM - EN.pdf|GC Security Control Profile for Cloud-Based GC IT Services (PB/M/M) (Version 1.1, March 2018)]] // [[Media:GC Cloud Profile PBMM - FR.pdf|Profil de contrôle de sécurité pour les services de la TI du GC fondés sur l’informatique en nuage (PB/M/M) (Version 1.1, mars 2018)]]
* [[Media:GC Cloud Security Controls v1.1.xls|Version 1.1 - Appendix A Matrix (Excel)]]
* [[Media:GC Cloud Profile PBMM v1.1 - EN (Track Changes).pdf|Track Changes Version 1.1]]
**''Archived Versions''
*** [[Media:GC Cloud Profile PBMM v1.0 - EN.pdf|GC Security Control Profile for Cloud-based GC IT Services (PB/M/M) (Version 1.0, Feb 2017)]] // [[Media:GC Cloud Profile PBMM v1.0 - FR.pdf|Profil de contrôle de sécurité pour les services de la TI du GC fondés sur l’informatique en nuage (PB/M/M) (Version 1.0, fev 2017)]]
***[[Media:GC Cloud Security Controls v1.0.xls|Version 1.0 - Appendix A Matrix (Excel)]]
***[[Media:GC Cloud Profile PBMM v1.0 - EN (Track Changes).pdf|Track Changes Version 1.0]]
[[Media:GC Cloud Tiered Assurance Model.xlsx|GC Cloud Tiered Assurance Model]]<br>
[[Media:GC SaaS Assessment Tool.xlsx|GC SaaS Assessment Tool]]<br>
[[Media:GC Enterprise Hybrid Cloud High-Level Design.pdf|GC Enterprise Hybrid Cloud High-Level Design]]
<br>
[[Media:Considerations for Use of Cryptography in Cloud.pdf|Considerations for the Use of Cryptography in Cloud]] //
[[Media:Considérations relatives à l’utilisation de la cryptographie dans les services d’informatique en nuage commerciaux.pdf|Considérations relatives à l’utilisation de la cryptographie dans les services d’informatique en nuage commerciaux]]
<br>
[[Media:GC ESA Security Design Patterns for SaaS-based Solutions.pdf|GC ESA SaaS Design Patterns]]
*[[Media:Baseline controls for SaaS Solutions.xlsx|Baseline controls for SaaS Solutions]]
[[Media:GC Secure Cloud Connectivity Requirements.pdf|GC Secure Cloud Connectivity Requirements]]
* [[Media:GC Cloud Access Use Cases.xlsx|GC Cloud Access Use Cases]]
* [[Media:GC Cloud Connection Patterns.pdf|GC Connection Patterns]]
[[Media:GC Cloud Guardrails.pdf|<nowiki/>]][[Media:GC Cloud Guardrails.pdf|GC Cloud Guardrails]]
*[https://www.gcpedia.gc.ca/gcwiki/images/e/ed/GC_Cloud_Guardrails.xlsx GC Cloud Guardrails - Initial 30 Days (Scope is security of the cloud tenant)]
*[[Media:SOP for Validating Cloud Guardrails.pdf|<nowiki/>]][[Media:SOP for Validating Cloud Guardrails.pdf|Standard Operating Procedure for Validating Cloud Guardrails]]
*[https://canada-ca.github.io/cloud-guardrails-O365 GC Cloud Guardrails for Office 365]
*[[Media:Office 365 Security Baseline Configuration.xlsx|Office 365 Security Baseline Configuration]] **Version 1.6 update**
*[[Media:GC Departmental Domains.xlsx|GC Departmental Domains - External Access Configuration]]
[[Media:Considerations for Enabling Collaboration in MS Teams.pdf|Considerations for Enabling Collaboration in MS Teams]] / [[Media:Considérations pour faciliter la collaboration dans Microsoft Teams.pdf|Considérations pour faciliter la collaboration dans Microsoft Teams]]

[[Media:Considerations for Using Microsoft Cognitive Services.pdf|Considerations for Using Microsoft Cognitive Services]] / [[Media:Considérations liées à l’utilisation de Microsoft Cognitive Services.pdf|Considérations liées à l’utilisation de Microsoft Cognitive Services]]
<br>
[[Media:GC Cloud Enablement - The Building Blocks.pptx|GC Cloud Enablement - The Building Blocks]] / [[Media:Les éléments de base pour les solutions infonuagiques du GC.pptx|Les éléments de base pour les solutions infonuagiques du GC]]
<br>
<br>
<br>
'''Application Security'''
<br> [[Media:GC DevSecOps Conceptual Framework.pdf|GC DevSecOps Conceptual Framework]]
<br> [[Media:Guidance for Software Assurance.pdf|DRAFT Guidance on Software Assurance]]
<br> [[Media:Guidance for Secure Application Development.pdf|DRAFT Guidance for Secure Application Development]]
<br> [[Media:Guidance for Secure Containers and Microservices.pdf|DRAFT Guidance for Secure Containers and Microservices]]
<br> [[Media:Security Controls Mapping to Docker and Kubernetes.xlsx|DRAFT Security Controls Mapping to Docker and Kubernetes]]
<br>[[Media:Application Security Training.pdf|Application Security Training - Sept 2018]]<br>
<br>
'''Data Loss Prevention'''
<br> [[Media:GC Enterprise DLP HLD.pdf|GC ESA Data Loss Prevention High-Level Design]]
<br> [[Media:GC Enterprise DLP Implementation Strategy.pdf|GC Enterprise Data Loss Prevention Implementation Strategy]]
<br> [[Media:DRAFT for Discussion - GC Data Protection Strategy - DLP Initiative.pdf|DRAFT GC ESA Data Protection Strategy - DLP Initiative Presentation]]
<br>
<br> '''Vulnerability Management System'''
<br> [[Media:GC Enterprise VMS HLD.pdf|GC ESA Vulnerability Management System High-Level Design]]
<br> [[Media:Overview of Vulnerability Disclosure for the GC.pdf|Overview of Vulnerability Disclosure for the GC]]
<br> [[Media:Vulnerability Disclosure Program for the GC - Recommendations Report.pdf|Vulnerability Disclosure Program for the GC - Recommendations Report]]
<br> [[Media:Vulnerability Disclosure Policy Template.pdf|Vulnerability Disclosure Policy Template]]
<br>
<br> '''GC Trusted Interconnection Points (GC-TIP)'''
<br> [[Media:GC Trusted Interconnection Points (GC-TIP) Concept.pdf|GC Trusted Interconnection Points (GC-TIP) Concept]]
<br>
<br> '''GC Endpoint Visibility and Awareness (EVA)'''
<br> [[Media:GC Endpoint Visibility and Awareness (EVA) Concept.pdf|GC Endpoint Visibility and Awareness (EVA) Concept]]
<br>
<br> '''GC Zero Trust Security (ZTS)'''
<br> [[Media:GC Zero Trust Security Concept.pdf|GC Zero Trust Security (ZTS) Concept]]
<br> [[Media:GC Zero Trust Reference Architecture.pdf|DRAFT GC Zero Trust Security Reference Architecture]]
<br>
<br> '''GC Enterprise Continuous Monitoring'''
<br> [[Media:GC Enterprise Information Security Continuous Monitoring Concept Paper.pdf|DRAFT GC Enterprise Information Security Continuous Monitoring Concept]]
<br>
<br>
'''Identity, Credential, and Access Management'''
<br>[https://github.com/canada-ca/CATS-STAE Cyber Authentication Technology Solutions (CATS) specifications (2.0 and draft 3.0)]<br>[https://github.com/canada-ca/CATS-STAE/tree/develop/Social DRAFT Social Media Login Guidance]
<br>[[Media:GC Cloud Authentication Guidance.pdf|''GC Cloud Authentication Guidance'']]
<br>[[Media:Recommendations for 2FA within the GC Enterprise Domain.pdf|Recommendations for Two-Factor Authentication within the GC Enterprise Domain]]
<br>[[Media:GC MFA Strategy.pdf|<nowiki/>]][[Media:GC MFA Strategy.pdf|GC Multi-Factor Authentication (MFA) Strategy Paper]]

'''Password Guidance'''<br>[https://www.canada.ca/en/government/system/digital-government/online-security-privacy/password-guidance.html GC Password Guidance]
<br>[[Media:Implementation Strategy for GC Password Guidance.pdf|DRAFT Implementation Strategy for GC Password Guidance]]
<br>[[Media:GC password manager guidance v0.4 27Jan 20.docx|<nowiki/>]][https://www.gcpedia.gc.ca/gcwiki/images/b/bd/GC_Password_Manager_Guidance_%28July_2020%29.pdf GC Password Manager Guidance]
[https://www.gcpedia.gc.ca/gcwiki/images/b/bd/GC_Password_Manager_Guidance_%28July_2020%29.pdf <br>][https://www.gcpedia.gc.ca/gcwiki/images/d/dd/Generic-BRD-Active-Directory-Passphrase-Compatibility-Tools.xlsm Generic BRD for AD Passphrase Compatibility Tools]

<br>

== Guidance ==
<br>
[https://www.gcpedia.gc.ca/wiki/SPIN_2015-01 SPIN-2015 Priority IT Actions]
<br> [https://www.gcpedia.gc.ca/wiki/SPIN_2015-01_Follow-Up_Activities SPIN-2015 Follow-up Activities]
<br>
[[Media:Guidance for the Secure Use of Collaboration Tools.pdf|Guidance for the Secure Use of Collaboration Tools]] / [[Media:Orientation sur la facilitation de l’accès aux services Web.pdf|Orientation sur la facilitation de l’accès aux services Web]] <br>

[[Media:Availability by Design Position Paper.pdf|DRAFT Availability by Design Position Paper]]<br>

[[Media:Rationale for the Protection Against Exploits of Shared Resources.pdf|Rationale for the Protection Against Exploits of Shared Resources]] *DRAFT*<br>

[[Media:ITSG-33 Primer for IT Projects.pdf|ITSG-33 Primer for IT Projects]]
<br>
[[Media:GC Event Logging Guidance.pdf|GC Event Logging Guidance]]
<br>
[[Media:GC Patch Management Guidance.pdf|GC Patch Management Guidance]]
<br>
[[Media:Security Playbook for Information System Solutions.pdf|Security Playbook for Information System Solutions]]
*[[Media:Baseline security controls for applications.xlsx|Baseline security controls for applications - Version 1.0 - Appendix A Matrix (Excel)]]
[[Media:Ransomware FAQ.pdf|Ransomware FAQ]]
<br>
[[Media:Considerations for GC Communication Technologies.pdf|Considerations for GC Communication Technologies]] / [[Media:Considérations liées aux technologies des communications du GC.pdf|Considérations liées aux technologies des communications du GC]]
<br>

== Security Control Profiles ==
[[Media:HR Services Security Control Profile.zip|Security Control Profile for Human Resources Services]]
<br>
[[Media:FM Services Security Control Profile.zip|Security Control Profile for Financial and Material Management Resources Services]]
<br>
[[Media:IM Services Security Control Profile.zip|Security Control Profile for Information Management Services]]
<br>


== Standard Operating Procedures ==
[[Media:Guideline for Authorization of Enterprise Systems.pdf|Guideline for Authorization of Enterprise Systems]]
<br>[[Media:GC Cloud Event Management Standard Operating Procedure.pdf|GC Cloud Event Management Standard Operating Procedure]]
<br>[[Media:Exception Request for Inverse Split Tunneling Allow List.xlsx|Exception Process for Inverse Split Tunneling Allow List]] / [[Media:Demande d’exception visant une mise sur liste blanche de la segmentation du tunnel inverse.xlsx|Demande d’exception visant une mise sur liste autoriser de la segmentation du tunnel inverse]]
<br>[[Media:Netlogon Remediation Procedure.docx|Netlogon Remediation Procedure]] / [[Media:Netlogon Remediation Procedure-FR.docx|Procédure de correction pour Netlogon]]

== Tools ==
[[Media:GC ESA Tools Report.pdf|GC ESA Tools Report]]

[[Media:Tool-Security Categorization.zip|Security Categorization Tool (incl. Manual & Example)]]

[[Media:Tool-Business Needs for Security.zip|Business Needs for Security Tool (incl. User Manual)]]

[[Media:Tool-Threat Assessment.zip|Threat Assessment Tool (incl. Manual & Example)]]

<br>

== Templates ==
[[Media: ITSG-33 Controls Template.vsd|ITSG-33 Controls Template (.VSD)]]

[[Media:GC ESA Concept of Operations (ConOps) Template.docx|Concept of Operations (ConOps) Template]]

[[Media:GC ESA System Concept (SysCon) Document Template.docx|System Operational Concept (SysCon) Template]]

[[Media:GC ESA Guide for ConOps and SysCon Document Templates.pdf|GC ESA Guide for ConOps and SysCon Document Templates]]

[[Media:Comments Template.xlsx|Comments Template]]

<br>

== Presentations ==
[[Media: Introduction to Enterprise Security Architecture (GC Security Summit 2014).pptx|Introduction to Enterprise Security Architecture (GC Security Summit 2014)]]

[[Media: Introduction au Programme d’architecture de sécurité intégrée du GC (Sommet sur la sécurité GC 2014).pptx|Introduction au Programme d’architecture de sécurité intégrée du GC (Sommet sur la sécurité GC 2014)]]

<br>

== GC ESA Help Page ==
[[GC ESA Help Page|Click Here to Learn How to Edit the ESA Portal]]

[[Category:Government of Canada Enterprise Security Architecture (ESA) Program]]
[[Category:Enterprise Security Architecture]]
[[Category:GC Enterprise Architecture]]

Navigation menu

GCwiki