Difference between revisions of "Policy"

From wiki
Jump to navigation Jump to search
m
 
(18 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
 
{{Cloud Information Centre - Government of Canada}}
 
{{Cloud Information Centre - Government of Canada}}
 +
<b>
 +
</b>
 +
<!-- NAV -->
 +
<!-- Columns -->
  
= '''POLICY INSTRUMENTS''' =
+
{| width="100%" cellpadding="10"
 
 
The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.
 
 
 
Strategic Plan
 
 
 
Digital Operations Strategic Plan: 2018-2022
 
 
 
Government of Canada Strategic Plan for Information Management and Information Technology 2017-2021
 
 
 
Government of Canada Cloud Adoption Strategy: 2018 update
 
 
 
Policy and Directive
 
 
 
Policy on Service and Digital
 
 
 
Directive on Service and Digital
 
 
 
Policy on Management of Information Technology
 
 
 
Policy Framework for Information and Technology
 
 
 
Policy on Information Management
 
 
 
Directive on Automated Decision-Making
 
 
 
Standards and Guidelines
 
 
 
Digital Standards
 
 
 
Standards on Application Programming Interfaces (APIs)
 
 
 
Government of Canada right cloud selection guidance
 
 
 
Government of Canada cloud security risk management approach and procedures
 
 
 
Government of Canada Security Control Profile for Cloud-based GC Services
 
 
 
Government of Canada White Paper: Data Sovereignty and Public Cloud
 
 
 
Security and identity management guidance
 
 
 
Directives, standards, guidelines and publications related to security
 
 
 
Secure use of cloud services
 
 
 
How to put in place secure cloud solutions.
 
 
 
Recommended controls for cloud-based services
 
 
 
How to secure, manage, and use cloud services.
 
 
 
Using electronic signatures
 
 
 
Guidance on using electronic signatures in support of the GC’s day-to-day business activities.
 
 
 
Secure electronic signature regulations
 
 
 
Getting a valid electronic signature.
 
 
 
Public key infrastructure
 
 
 
Guideline on creating public keys for secure identity management
 
  
Password management guidance
+
|width="90%" style="color: black;" align="right" |
 +
<!-- COLUMN 1 STARTS: -->
 +
[[Template: Politique|Français]]
 +
<!-- COLUMN 1 ENDS: -->
 +
|width="10%" style="color: black; align=center" |
  
How government services should manage user passwords
+
<!-- COLUMN 2 STARTS: -->
  
Privacy Impact Assessment Summaries
+
<!-- COLUMN 2 ENDS: -->
  
Privacy Impact Assessments (PIAs)
+
<!-- Columns -->
 +
|}
  
Choosing the right cloud service
+
{| width="100%" cellpadding="10"
 +
|-valign="top"
  
Find out which cloud deployment model is right for your organization.  
+
|width="50%" style="color: black;" |
 +
<!-- COLUMN 1 STARTS: -->
 +
[[Image:Governance.jpg|250x250px|center |link=Governance]]
 +
<!-- COLUMN 1 ENDS: -->
 +
|width="50%" style="color: black;" |
 +
<!-- COLUMN 2 STARTS: -->
 +
[[Image:Cic.jpg|center|250x250px |link=GC_Cloud_Infocentre]]
 +
<!-- COLUMN 2 ENDS: -->
 +
|}
 +
<span style="font-family: Century Gothic; font-size: 28pt;"><font color="#9F000F;">Policy Instruments</font><span>
  
Data residency requirements
+
<big><big>The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.
 +
<br><br>
 +
== Strategic Plan ==
 +
* [https://www.canada.ca/en/government/system/digital-government/digital-operations-strategic-plan-2018-2022.html Digital Operations Strategic Plan: 2018-2022]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/strategic-plan-information-management-information-technology.html Government of Canada Strategic Plan for Information Management and Information Technology 2017-2021]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-cloud-adoption-strategy.html Government of Canada Cloud Adoption Strategy: 2018 update]
  
Understand the Government of Canada’s requirements for the storage of data within Canada.
+
== Policy and Directive ==
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32603 Policy on Service and Digital]
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32601 Directive on Service and Digital]
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32601 Policy on Management of Information Technology]
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32601 Policy Framework for Information and Technology]
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12742 Policy on Information Management]
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32592 Directive on Automated Decision-Making]
  
Secure use of cloud services  
+
== Standards and Guidelines ==
 +
* [https://www.canada.ca/en/government/system/digital-government/government-canada-digital-standards.html Digital Standards]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/government-canada-standards-apis.html Standards on Application Programming Interfaces (APIs)]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-right-cloud-selection-guidance.html Government of Canada right cloud selection guidance]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Government of Canada cloud security risk management approach and procedures]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-security-control-profile-cloud-based-it-services.html Government of Canada Security Control Profile for Cloud-based GC Services]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Government of Canada White Paper: Data Sovereignty and Public Cloud]
 +
* [https://www.canada.ca/en/treasury-board-secretariat/services/access-information-privacy/security-identity-management.html Security and identity management guidance - Directives, standards, guidelines and publications related to security]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Secure use of cloud services] - How to put in place secure cloud solutions.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-security-control-profile-cloud-based-it-services.html Recommended controls for cloud-based services] - How to secure, manage, and use cloud services.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-security-control-profile-cloud-based-it-services.html Using electronic signatures]- Guidance on using electronic signatures in support of the GC’s day-to-day business activities.
 +
* [https://www.canada.ca/en/government/system/digital-government/online-security-privacy/government-canada-guidance-using-electronic-signatures.html Secure electronic signature regulations] - Getting a valid electronic signature.
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=20008 Public key infrastructure ] - Guideline on creating public keys for secure identity management
 +
* [https://www.canada.ca/en/government/system/digital-government/password-guidance.html Password management guidance ] - How government services should manage user passwords
 +
* [https://www.canada.ca/en/revenue-agency/services/about-canada-revenue-agency-cra/protecting-your-privacy/privacy-impact-assessment.html Privacy Impact Assessment Summaries] - Privacy Impact Assessments (PIAs)
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-right-cloud-selection-guidance.html Choosing the right cloud service] - Find out which cloud deployment model is right for your organization.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-electronic-data-residency.html Data residency requirements] - Understand the Government of Canada’s requirements for the storage of data within Canada.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Secure use of cloud services] - How to put in place secure cloud solutions.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Risk-management for cloud-based services] - Protect cloud services by ensuring that the proper security controls are in place.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Data sovereignty in cloud environments] - Assessing the risks of foreign governments accessing Canadian data in the cloud.
  
How to put in place secure cloud solutions.
+
== Cloud Security ==
  
Risk-management for cloud-based services
+
===  Policies and Standards ===
 +
::*    [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12755 Policy on Management of Information Technology]
 +
::* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578 Policy on Government Security]
 +
::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-electronic-data-residency.html Direction for Electronic Data Residency, ITPIN No: 2017-02]
 +
::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN)]
  
Protect cloud services by ensuring that the proper security controls are in place.
+
=== Guidance ===
 +
::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-computing/government-canada-security-control-profile-cloud-based-it-services.html Government of Canada Security Control Profile for Cloud-Based GC IT Services]
 +
::* [https://cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-government-canada-itsg-22 Government of Canada Cloud Security Risk Management Approach and Procedures]
 +
::* [https://cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-government-canada-itsg-22 CCCS ITSG-22 Baseline Security Requirements for Network Security Zones in the Government of Canada]
 +
::* [https://cyber.gc.ca/en/guidance/network-security-zoning-design-considerations-placement-services-within-zones-itsg-38 CCCS ITSG-38 Network Security Zoning - Design Considerations for Placement of Services within Zones]
 +
::* [https://cyber.gc.ca/en/guidance/user-authentication-guidance-information-technology-systems-itsp30031-v3 CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems]
 +
::* [https://nam06.safelinks.protection.outlook.com/?url=https://www.cse-cst.gc.ca/en/node/1830/html/26507&data=02|01|Jamie.Hart@microsoft.com|7503434d3e8c4c8cc23808d68d7d1039|72f988bf86f141af91ab2d7cd011db47|1|0|636851965624128440&sdata=TDPmXQvqrn0jGPdERr3KmlsTo0WJVu646TgUe8ZpxNg%3D&reserved=0 CCCS ITSP.40.062 Guidance on Securely Configuring Network Protocols]
 +
::* [https://cyber.gc.ca/en/guidance/cloud-service-provider-information-technology-security-assessment-process-itsm50100 CCCS ITSM.50.100 Cloud Service Provider Information Technology Security Assessment Process]
 +
::* [https://intranet.canada.ca/wg-tg/cagc-angc-eng.asp Guidance on Cloud Authentication for the Government of Canada]
 +
::* [https://intranet.canada.ca/wg-tg/rtua-rafu-eng.asp Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain]
 +
::* [https://www.gcpedia.gc.ca/gcwiki/images/e/e3/GC_Event_Logging_Strategy.pdf GC Event Logging Strategy (Draft)]
 +
::* [https://www.gcpedia.gc.ca/gcwiki/images/5/5f/GC_Cloud_Event_Management_Standard_Operating_Procedure.pdf Standard Operating Procedure for GC Cloud Event Management]
 +
::* [https://www.gcpedia.gc.ca/gcwiki/images/a/a8/Security_Playbook_for_Information_System_Solutions.pdf Security Playbook for Information System Solutions]
  
Data sovereignty in cloud environments
+
=== Tools & Templates ===
  
Assessing the risks of foreign governments accessing Canadian data in the cloud.
+
::* https://gccode.ssc-spc.gc.ca/GCCloudEnablement
<multilang>
+
::*    https://github.com/canada-ca/accelerators_accelerateurs-azure
@en|__NOTOC__
+
::* https://github.com/canada-ca/accelerators_accelerateurs-aws
  
</multilang>
+
== Cloud Security Initiative ==
 +
Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security initiative  [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative Cloud Security Initiative]
 +
</big></big>
 
{{GC Cloud Information Centre Footer}}
 
{{GC Cloud Information Centre Footer}}
 +
__FORCETOC__

Latest revision as of 00:19, 8 April 2020


Banne cloud.jpg



Français


Governance.jpg
Cic.jpg

Policy Instruments

The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.

Strategic Plan

Policy and Directive

Standards and Guidelines

Cloud Security

Policies and Standards

Guidance

Tools & Templates

Cloud Security Initiative

Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security initiative Cloud Security Initiative