Line 1: |
Line 1: |
− | <div class="center"><div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">[[File:JoinusonGCconnex.png|link=https://gcconnex.gc.ca/groups/profile/2785549/gc-enterprise-security-architecture-gc-esa]]<br />[[File:ESAcontactus.png|link=mailto:ZZTBSCYBERS@tbs-sct.gc.ca]]</div>
| + | {{Delete|reason=Not needed anymore}} |
− | [[File:GOC ESA.jpg|center|link=https://www.gcpedia.gc.ca/wiki/Government_of_Canada_Enterprise_Security_Architecture_(ESA)_Program]]
| |
− | <div class="center">
| |
− | {| style="border: 2px solid #000000; border-image: none;" width="1000px" | |
− | |-
| |
− | ! style="background: #e1caf7; color: black" width="175px" scope="col" " | [[Government of Canada Enterprise Security Architecture (ESA) Program|ESA Program Overview]]
| |
− | ! style="background: #e1caf7; color: black" width="125px" scope="col" " | [[ESA Backgrounder (Strategy)|ESA Foundation]]
| |
− | ! style="background: #e1caf7; color: black" width="125px" scope="col" " | [[ESA Requirements|ESA Artifacts]]
| |
− | ! style="background: #e1caf7; color: black" width="125px" scope="col" " | [[ESA Initiatives|ESA Initiatives]]
| |
− | ! style="background: #e1caf7; color: black" width="125px" scope="col" " | [[ESA Tools and Templates]]
| |
− | ! style="background: #C495F0; color: black" width="125px" scope="col" " | [[GC ESA Artifact Repository|ESA Reference Materials]]
| |
− | ! style="background: #e1caf7; color: black" width="100px" scope="col" " | [[ESA Glossary| Glossary]]
| |
− | |}
| |
− | {| style="border-bottom: #000000 2px solid; border-left: #000000 2px solid; border-right: #000000 2px solid" width="1000px" | |
− | |-
| |
− | ! style="background: #c2c2fa; color: black" width="18%" scope="col" | [[GC ESA Artifact Repository|ESA Artifact Repository]]
| |
− | ! style="background: #c2c2fa; color: black" width="16%" scope="col" | [[GC Threat Assessments - Repository| GC Threat Assessment Repository]]
| |
− | ! style="background: #9a9af8; color: black" width="12%" scope="col" | [[GC Security Assessments - Repository|GC Security Assessment Repository]]
| |
− | ! style="background: #c2c2fa; color: black" width="18%" scope="col" | [[Emerging Technologies]]
| |
− | ! style="background: #c2c2fa; color: black" width="16%" scope="col" | [[Other Resources]]
| |
− | |} </div></div>
| |
− | | |
− | {{TOCright}}
| |
− | | |
− | == Purpose ==
| |
− | | |
− | This site hosts an inventory of completed security assessment reports.
| |
− | | |
− | As per the [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578 Policy on Government Security], departments and agencies must perform security assessment and authorization of their information systems or services before approving them for operation. In the context of cloud, this responsibility extends to any additional security controls being implemented to satisfy departmental requirements. Consideration of the departmental risk profile and the department’s culture, mission and business objectives, and the threats that pertain to the departmental business activities, will help determine the proportionate security measures needed to ensure the adequate protection of GC information.
| |
− | | |
− | Understanding the overall effectiveness of security controls is essential in determining and managing the residual risks under which a cloud-based service will be operating. Prioritizing security at the beginning of a project life cycle and building security in cloud-based services from the outset are also effective ways to streamline security assessment and ensure successful authorization.
| |
− | | |
− | Departments that are seeking to consume cloud services can leverage the results of GC-assessed CSPs to support risk-based decisions. It is expected that departments review these assessments, with consideration of the scope and security outlined in the report, and in conjunction with the security assessments performed for security controls that departments are responsible for implementing.
| |
− | | |
− | == Completed Security Assessments ==
| |
− | ''Last updated - 7 March 2021''
| |
− | | |
− | The following table provides an inventory of completed security assessments.
| |
− | <br>
| |
− | | |
− | {| class="wikitable"
| |
− | ! style="background: #000000; color: #ffffff " |Cloud Service Provider
| |
− | ! style="background: #000000; color: #ffffff " |Description
| |
− | ! style="background: #000000; color: #ffffff " |Service Model
| |
− | ! style="background: #000000; color: #ffffff " |Scope of Services
| |
− | ! style="background: #000000; color: #ffffff " |Procurement Information
| |
− | ! style="background: #000000; color: #ffffff " |Categorization
| |
− | ! style="background: #000000; color: #ffffff " |Date of Report
| |
− | ! style="background: #000000; color: #ffffff " |Contact Info
| |
− | ! style="background: #000000; color: #ffffff " |Additional Information
| |
− | |-
| |
− | | style="background: #727272; color: #ffffff " |'''Amazon Web Services (AWS)'''
| |
− | |TBD
| |
− | |IaaS, PaaS, SaaS
| |
− | |[https://cloud-broker.canada.ca/s/pbmmcatalogpage?language=en_US As per GC Cloud Brokering]
| |
− | |[https://buyandsell.gc.ca/procurement-data/tender-notice/PW-18-00841719 GC Cloud Framework Agreement - SSC]
| |
− | |[https://www.gcpedia.gc.ca/wiki/SPIN_2017-01_Third-Party_Assurance#Tiered_Assurance_Model Tier 2]
| |
− | |TBD
| |
− | |[mailto:contact@cyber.gc.ca contact@cyber.gc.ca]
| |
− | |N/A
| |
− | |-
| |
− | | style="background: #727272; color: #ffffff " |'''Microsoft Azure'''
| |
− | |TBD
| |
− | |IaaS, PaaS
| |
− | |[https://cloud-broker.canada.ca/s/pbmmcatalogpage?language=en_US As per GC Cloud Brokering]
| |
− | |[https://buyandsell.gc.ca/procurement-data/tender-notice/PW-18-00841719 GC Cloud Framework Agreement - SSC]
| |
− | |[https://www.gcpedia.gc.ca/wiki/SPIN_2017-01_Third-Party_Assurance#Tiered_Assurance_Model Tier 2]
| |
− | |TBD
| |
− | |[mailto:contact@cyber.gc.ca contact@cyber.gc.ca]
| |
− | |N/A
| |
− | |-
| |
− | | style="background: #727272; color: #ffffff " |'''Microsoft Dynamics 365'''
| |
− | |TBD
| |
− | |SaaS
| |
− | |[https://cloud-broker.canada.ca/s/pbmmcatalogpage?language=en_US As per GC Cloud Brokering]
| |
− | |[https://buyandsell.gc.ca/procurement-data/tender-notice/PW-18-00841719 GC Cloud Framework Agreement - SSC]
| |
− | |[https://www.gcpedia.gc.ca/wiki/SPIN_2017-01_Third-Party_Assurance#Tiered_Assurance_Model Tier 2]
| |
− | |TBD
| |
− | |[mailto:contact@cyber.gc.ca contact@cyber.gc.ca]
| |
− | |N/A
| |
− | |-
| |
− | | style="background: #727272; color: #ffffff " |'''Microsoft Office 365'''
| |
− | |TBD
| |
− | |SaaS
| |
− | |[https://cloud-broker.canada.ca/s/pbmmcatalogpage?language=en_US As per GC Cloud Brokering]
| |
− | |Microsoft Enterprise Agreement
| |
− | |[https://www.gcpedia.gc.ca/wiki/SPIN_2017-01_Third-Party_Assurance#Tiered_Assurance_Model Tier 2]
| |
− | |TBD
| |
− | |[mailto:contact@cyber.gc.ca contact@cyber.gc.ca]
| |
− | |SSC has completed the security assessments for the supporting common services including DCAM, WAP. Please contact [mailto:bhawani.kaul@canada.ca SSC] to obtain a copy of these reports.
| |
− | |-
| |
− | | style="background: #727272; color: #ffffff " |'''Google Cloud Platform'''
| |
− | |TBD
| |
− | |IaaS, PaaS
| |
− | |[https://cloud-broker.canada.ca/s/pbmmcatalogpage?language=en_US As per GC Cloud Brokering]
| |
− | |[https://buyandsell.gc.ca/procurement-data/tender-notice/PW-18-00841719 GC Cloud Framework Agreement - SSC]
| |
− | |[https://www.gcpedia.gc.ca/wiki/SPIN_2017-01_Third-Party_Assurance#Tiered_Assurance_Model Tier 2]
| |
− | |TBD
| |
− | |[mailto:contact@cyber.gc.ca contact@cyber.gc.ca]
| |
− | |N/A
| |
− | |-
| |
− | | style="background: #727272; color: #ffffff " |'''Oracle Cloud'''
| |
− | |TBD
| |
− | |IaaS, PaaS
| |
− | |[https://cloud-broker.canada.ca/s/pbmmcatalogpage?language=en_US As per GC Cloud Brokering]
| |
− | |[https://buyandsell.gc.ca/procurement-data/tender-notice/PW-18-00841719 GC Cloud Framework Agreement - SSC]
| |
− | |[https://www.gcpedia.gc.ca/wiki/SPIN_2017-01_Third-Party_Assurance#Tiered_Assurance_Model Tier 2]
| |
− | |TBD
| |
− | |[mailto:contact@cyber.gc.ca contact@cyber.gc.ca]
| |
− | |N/A
| |
− | |-
| |
− | | style="background: #727272; color: #ffffff " |'''IBM Cloud'''
| |
− | |TBD
| |
− | |IaaS, PaaS
| |
− | |[https://cloud-broker.canada.ca/s/pbmmcatalogpage?language=en_US As per GC Cloud Brokering]
| |
− | |[https://buyandsell.gc.ca/procurement-data/tender-notice/PW-18-00841719 GC Cloud Framework Agreement - SSC]
| |
− | |[https://www.gcpedia.gc.ca/wiki/SPIN_2017-01_Third-Party_Assurance#Tiered_Assurance_Model Tier 2]
| |
− | |TBD
| |
− | |[mailto:contact@cyber.gc.ca contact@cyber.gc.ca]
| |
− | |-
| |
− | | style="background: #727272; color: #ffffff " |'''ThinkOn'''
| |
− | |TBD
| |
− | |IaaS, PaaS
| |
− | |[https://cloud-broker.canada.ca/s/pbmmcatalogpage?language=en_US As per GC Cloud Brokering]
| |
− | |[https://buyandsell.gc.ca/procurement-data/tender-notice/PW-18-00841719 GC Cloud Framework Agreement - SSC]
| |
− | |[https://www.gcpedia.gc.ca/wiki/SPIN_2017-01_Third-Party_Assurance#Tiered_Assurance_Model Tier 2]
| |
− | |TBD
| |
− | |[mailto:contact@cyber.gc.ca contact@cyber.gc.ca]
| |
− | |N/A
| |
− | |-
| |
− | | style="background: #727272; color: #ffffff " |'''Salesforce'''
| |
− | |TBD
| |
− | |PaaS, SaaS
| |
− | |[https://cloud-broker.canada.ca/s/pbmmcatalogpage?language=en_US As per GC Cloud Brokering]
| |
− | |[https://buyandsell.gc.ca/procurement-data/tender-notice/PW-18-00841719 GC Cloud Framework Agreement - SSC]
| |
− | |[https://www.gcpedia.gc.ca/wiki/SPIN_2017-01_Third-Party_Assurance#Tiered_Assurance_Model Tier 2]
| |
− | |TBD
| |
− | |[mailto:contact@cyber.gc.ca contact@cyber.gc.ca]
| |
− | |N/A
| |
− | |-
| |
− | | style="background: #727272; color: #ffffff " |'''ServiceNow'''
| |
− | |TBD
| |
− | |SaaS
| |
− | |[https://cloud-broker.canada.ca/s/pbmmcatalogpage?language=en_US As per GC Cloud Brokering]
| |
− | |[https://buyandsell.gc.ca/procurement-data/tender-notice/PW-18-00841719 GC Cloud Framework Agreement - SSC]
| |
− | |[https://www.gcpedia.gc.ca/wiki/SPIN_2017-01_Third-Party_Assurance#Tiered_Assurance_Model Tier 2]
| |
− | |TBD
| |
− | |[mailto:contact@cyber.gc.ca contact@cyber.gc.ca]
| |
− | |N/A
| |
− | |-
| |
− | |}
| |
− | | |
− | [[Category:Enterprise Security Architecture]]
| |