Difference between revisions of "Policy"

From wiki
Jump to navigation Jump to search
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
 
{{Cloud Information Centre - Government of Canada}}
 
{{Cloud Information Centre - Government of Canada}}
 +
<b>
 +
</b>
 +
<!-- NAV -->
 +
<!-- Columns -->
 +
 +
{| width="100%" cellpadding="10"
 +
 +
|width="90%" style="color: black;" align="right" |
 +
<!-- COLUMN 1 STARTS: -->
 +
[[Template: Politique|Français]]
 +
<!-- COLUMN 1 ENDS: -->
 +
|width="10%" style="color: black; align=center" |
 +
 +
<!-- COLUMN 2 STARTS: -->
 +
 +
<!-- COLUMN 2 ENDS: -->
 +
 +
<!-- Columns -->
 +
|}
 +
 +
{| width="100%" cellpadding="10"
 +
|-valign="top"
 +
 +
|width="50%" style="color: black;" |
 +
<!-- COLUMN 1 STARTS: -->
 +
[[Image:Governance.jpg|250x250px|center |link=Governance]]
 +
<!-- COLUMN 1 ENDS: -->
 +
|width="50%" style="color: black;" |
 +
<!-- COLUMN 2 STARTS: -->
 +
[[Image:Cic.jpg|center|250x250px |link=GC_Cloud_Infocentre]]
 +
<!-- COLUMN 2 ENDS: -->
 +
|}
 
<span style="font-family: Century Gothic; font-size: 28pt;"><font color="#9F000F;">Policy Instruments</font><span>
 
<span style="font-family: Century Gothic; font-size: 28pt;"><font color="#9F000F;">Policy Instruments</font><span>
 
  
 
<big><big>The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.
 
<big><big>The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.
 
+
<br><br>
 
== Strategic Plan ==
 
== Strategic Plan ==
 
* [https://www.canada.ca/en/government/system/digital-government/digital-operations-strategic-plan-2018-2022.html Digital Operations Strategic Plan: 2018-2022]
 
* [https://www.canada.ca/en/government/system/digital-government/digital-operations-strategic-plan-2018-2022.html Digital Operations Strategic Plan: 2018-2022]
Line 38: Line 70:
 
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Risk-management for cloud-based services] - Protect cloud services by ensuring that the proper security controls are in place.
 
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Risk-management for cloud-based services] - Protect cloud services by ensuring that the proper security controls are in place.
 
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Data sovereignty in cloud environments] - Assessing the risks of foreign governments accessing Canadian data in the cloud.  
 
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Data sovereignty in cloud environments] - Assessing the risks of foreign governments accessing Canadian data in the cloud.  
</big></big><multilang>
 
@en|__NOTOC__
 
  
</multilang>
+
== Cloud Security ==
 +
 
 +
===  Policies and Standards ===
 +
::*    [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12755 Policy on Management of Information Technology]
 +
::* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578 Policy on Government Security]
 +
::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-electronic-data-residency.html Direction for Electronic Data Residency, ITPIN No: 2017-02]
 +
::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN)]
 +
 
 +
=== Guidance ===
 +
::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-computing/government-canada-security-control-profile-cloud-based-it-services.html Government of Canada Security Control Profile for Cloud-Based GC IT Services]
 +
::* [https://cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-government-canada-itsg-22 Government of Canada Cloud Security Risk Management Approach and Procedures]
 +
::* [https://cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-government-canada-itsg-22 CCCS ITSG-22 Baseline Security Requirements for Network Security Zones in the Government of Canada]
 +
::* [https://cyber.gc.ca/en/guidance/network-security-zoning-design-considerations-placement-services-within-zones-itsg-38 CCCS ITSG-38 Network Security Zoning - Design Considerations for Placement of Services within Zones]
 +
::* [https://cyber.gc.ca/en/guidance/user-authentication-guidance-information-technology-systems-itsp30031-v3 CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems]
 +
::* [https://nam06.safelinks.protection.outlook.com/?url=https://www.cse-cst.gc.ca/en/node/1830/html/26507&data=02|01|Jamie.Hart@microsoft.com|7503434d3e8c4c8cc23808d68d7d1039|72f988bf86f141af91ab2d7cd011db47|1|0|636851965624128440&sdata=TDPmXQvqrn0jGPdERr3KmlsTo0WJVu646TgUe8ZpxNg%3D&reserved=0 CCCS ITSP.40.062 Guidance on Securely Configuring Network Protocols]
 +
::* [https://cyber.gc.ca/en/guidance/cloud-service-provider-information-technology-security-assessment-process-itsm50100 CCCS ITSM.50.100 Cloud Service Provider Information Technology Security Assessment Process]
 +
::* [https://intranet.canada.ca/wg-tg/cagc-angc-eng.asp Guidance on Cloud Authentication for the Government of Canada]
 +
::* [https://intranet.canada.ca/wg-tg/rtua-rafu-eng.asp Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain]
 +
::* [https://www.gcpedia.gc.ca/gcwiki/images/e/e3/GC_Event_Logging_Strategy.pdf GC Event Logging Strategy (Draft)]
 +
::* [https://www.gcpedia.gc.ca/gcwiki/images/5/5f/GC_Cloud_Event_Management_Standard_Operating_Procedure.pdf Standard Operating Procedure for GC Cloud Event Management]
 +
::* [https://www.gcpedia.gc.ca/gcwiki/images/a/a8/Security_Playbook_for_Information_System_Solutions.pdf Security Playbook for Information System Solutions]
 +
 
 +
=== Tools & Templates ===
 +
 
 +
::* https://gccode.ssc-spc.gc.ca/GCCloudEnablement
 +
::*    https://github.com/canada-ca/accelerators_accelerateurs-azure
 +
::* https://github.com/canada-ca/accelerators_accelerateurs-aws
 +
 
 +
== Cloud Security Initiative ==
 +
Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security initiative  [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative Cloud Security Initiative]
 +
</big></big>
 
{{GC Cloud Information Centre Footer}}
 
{{GC Cloud Information Centre Footer}}
 
__FORCETOC__
 
__FORCETOC__

Latest revision as of 01:19, 8 April 2020


Banne cloud.jpg



Français


Governance.jpg
Cic.jpg

Policy Instruments

The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.

Strategic Plan

Policy and Directive

Standards and Guidelines

Cloud Security

Policies and Standards

Guidance

Tools & Templates

Cloud Security Initiative

Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security initiative Cloud Security Initiative