Difference between revisions of "Policy"
Jump to navigation
Jump to search
| Line 38: | Line 38: | ||
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Risk-management for cloud-based services] - Protect cloud services by ensuring that the proper security controls are in place. | * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Risk-management for cloud-based services] - Protect cloud services by ensuring that the proper security controls are in place. | ||
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Data sovereignty in cloud environments] - Assessing the risks of foreign governments accessing Canadian data in the cloud. | * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Data sovereignty in cloud environments] - Assessing the risks of foreign governments accessing Canadian data in the cloud. | ||
| + | |||
== Cloud Security == | == Cloud Security == | ||
| − | Learn recommendations and actions that your Department can implement to protect your networks through the [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative Cloud Security Intiative] | + | |
| + | === Policies and Standards === | ||
| + | ::* Policy on Management of Information Technology | ||
| + | ::* Policy on Government Security | ||
| + | ::* Direction for Electronic Data Residency, ITPIN No: 2017-02 | ||
| + | ::* Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN) | ||
| + | |||
| + | === Guidance === | ||
| + | ::* Government of Canada Security Control Profile for Cloud-Based GC IT Services | ||
| + | ::* Government of Canada Cloud Security Risk Management Approach and Procedures | ||
| + | ::* CCCS ITSG-22 Baseline Security Requirements for Network Security Zones in the Government of Canada | ||
| + | ::* CCCS ITSG-38 Network Security Zoning - Design Considerations for Placement of Services within Zones | ||
| + | ::* CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems | ||
| + | ::* CCCS ITSP.40.062 Guidance on Securely Configuring Network Protocols | ||
| + | ::* CCCS ITSM.50.100 Cloud Service Provider Information Technology Security Assessment Process | ||
| + | ::* Guidance on Cloud Authentication for the Government of Canada | ||
| + | ::* Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain | ||
| + | ::* GC Event Logging Strategy (Draft) | ||
| + | ::* Standard Operating Procedure for GC Cloud Event Management | ||
| + | ::* Security Playbook for Information System Solutions | ||
| + | |||
| + | === Tools & Templates === | ||
| + | |||
| + | ::* https://gccode.ssc-spc.gc.ca/GCCloudEnablement | ||
| + | ::* https://github.com/canada-ca/accelerators_accelerateurs-azure | ||
| + | ::* https://github.com/canada-ca/accelerators_accelerateurs-aws | ||
| + | |||
| + | == Cloud Security Initiative == | ||
| + | Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security inititative [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative Cloud Security Intiative] | ||
</big></big> | </big></big> | ||
{{GC Cloud Information Centre Footer}} | {{GC Cloud Information Centre Footer}} | ||
__FORCETOC__ | __FORCETOC__ | ||
Revision as of 13:50, 30 January 2020
Policy Instruments
The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.
Strategic Plan
- Digital Operations Strategic Plan: 2018-2022
- Government of Canada Strategic Plan for Information Management and Information Technology 2017-2021
- Government of Canada Cloud Adoption Strategy: 2018 update
Policy and Directive
- Policy on Service and Digital
- Directive on Service and Digital
- Policy on Management of Information Technology
- Policy Framework for Information and Technology
- Policy on Information Management
- Directive on Automated Decision-Making
Standards and Guidelines
- Digital Standards
- Standards on Application Programming Interfaces (APIs)
- Government of Canada right cloud selection guidance
- Government of Canada cloud security risk management approach and procedures
- Government of Canada Security Control Profile for Cloud-based GC Services
- Government of Canada White Paper: Data Sovereignty and Public Cloud
- Security and identity management guidance - Directives, standards, guidelines and publications related to security
- Secure use of cloud services - How to put in place secure cloud solutions.
- Recommended controls for cloud-based services - How to secure, manage, and use cloud services.
- Using electronic signatures- Guidance on using electronic signatures in support of the GC’s day-to-day business activities.
- Secure electronic signature regulations - Getting a valid electronic signature.
- Public key infrastructure - Guideline on creating public keys for secure identity management
- Password management guidance - How government services should manage user passwords
- Privacy Impact Assessment Summaries - Privacy Impact Assessments (PIAs)
- Choosing the right cloud service - Find out which cloud deployment model is right for your organization.
- Data residency requirements - Understand the Government of Canada’s requirements for the storage of data within Canada.
- Secure use of cloud services - How to put in place secure cloud solutions.
- Risk-management for cloud-based services - Protect cloud services by ensuring that the proper security controls are in place.
- Data sovereignty in cloud environments - Assessing the risks of foreign governments accessing Canadian data in the cloud.
Cloud Security
Policies and Standards
- Policy on Management of Information Technology
- Policy on Government Security
- Direction for Electronic Data Residency, ITPIN No: 2017-02
- Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN)
Guidance
- Government of Canada Security Control Profile for Cloud-Based GC IT Services
- Government of Canada Cloud Security Risk Management Approach and Procedures
- CCCS ITSG-22 Baseline Security Requirements for Network Security Zones in the Government of Canada
- CCCS ITSG-38 Network Security Zoning - Design Considerations for Placement of Services within Zones
- CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems
- CCCS ITSP.40.062 Guidance on Securely Configuring Network Protocols
- CCCS ITSM.50.100 Cloud Service Provider Information Technology Security Assessment Process
- Guidance on Cloud Authentication for the Government of Canada
- Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain
- GC Event Logging Strategy (Draft)
- Standard Operating Procedure for GC Cloud Event Management
- Security Playbook for Information System Solutions
Tools & Templates
Cloud Security Initiative
Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security inititative Cloud Security Intiative
