Difference between revisions of "Policy"

From wiki
Jump to navigation Jump to search
Line 38: Line 38:
 
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Risk-management for cloud-based services] - Protect cloud services by ensuring that the proper security controls are in place.
 
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Risk-management for cloud-based services] - Protect cloud services by ensuring that the proper security controls are in place.
 
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Data sovereignty in cloud environments] - Assessing the risks of foreign governments accessing Canadian data in the cloud.  
 
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Data sovereignty in cloud environments] - Assessing the risks of foreign governments accessing Canadian data in the cloud.  
 +
 
== Cloud Security ==
 
== Cloud Security ==
Learn recommendations and actions that your Department can implement to protect your networks through the [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative Cloud Security Intiative]  
+
 
 +
===  Policies and Standards ===
 +
::* Policy on Management of Information Technology
 +
::* Policy on Government Security
 +
::* Direction for Electronic Data Residency, ITPIN No: 2017-02
 +
::* Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN)
 +
 
 +
=== Guidance ===
 +
::* Government of Canada Security Control Profile for Cloud-Based GC IT Services
 +
::* Government of Canada Cloud Security Risk Management Approach and Procedures
 +
::* CCCS ITSG-22 Baseline Security Requirements for Network Security Zones in the Government of Canada
 +
::* CCCS ITSG-38 Network Security Zoning - Design Considerations for Placement of Services within Zones
 +
::* CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems
 +
::* CCCS ITSP.40.062 Guidance on Securely Configuring Network Protocols
 +
::* CCCS ITSM.50.100 Cloud Service Provider Information Technology Security Assessment Process
 +
::* Guidance on Cloud Authentication for the Government of Canada
 +
::* Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain
 +
::* GC Event Logging Strategy (Draft)
 +
::* Standard Operating Procedure for GC Cloud Event Management
 +
::* Security Playbook for Information System Solutions
 +
 
 +
=== Tools & Templates ===
 +
 
 +
::* https://gccode.ssc-spc.gc.ca/GCCloudEnablement
 +
::*    https://github.com/canada-ca/accelerators_accelerateurs-azure
 +
::* https://github.com/canada-ca/accelerators_accelerateurs-aws
 +
 
 +
== Cloud Security Initiative ==
 +
Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security inititative  [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative Cloud Security Intiative]  
 
</big></big>
 
</big></big>
 
{{GC Cloud Information Centre Footer}}
 
{{GC Cloud Information Centre Footer}}
 
__FORCETOC__
 
__FORCETOC__

Revision as of 13:50, 30 January 2020


Banne cloud.jpg



Policy Instruments


The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.

Strategic Plan

Policy and Directive

Standards and Guidelines

Cloud Security

Policies and Standards

  • Policy on Management of Information Technology
  • Policy on Government Security
  • Direction for Electronic Data Residency, ITPIN No: 2017-02
  • Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN)

Guidance

  • Government of Canada Security Control Profile for Cloud-Based GC IT Services
  • Government of Canada Cloud Security Risk Management Approach and Procedures
  • CCCS ITSG-22 Baseline Security Requirements for Network Security Zones in the Government of Canada
  • CCCS ITSG-38 Network Security Zoning - Design Considerations for Placement of Services within Zones
  • CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems
  • CCCS ITSP.40.062 Guidance on Securely Configuring Network Protocols
  • CCCS ITSM.50.100 Cloud Service Provider Information Technology Security Assessment Process
  • Guidance on Cloud Authentication for the Government of Canada
  • Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain
  • GC Event Logging Strategy (Draft)
  • Standard Operating Procedure for GC Cloud Event Management
  • Security Playbook for Information System Solutions

Tools & Templates

Cloud Security Initiative

Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security inititative Cloud Security Intiative