Difference between revisions of "Policy"

From wiki
Jump to navigation Jump to search
m
 
(17 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
 
{{Cloud Information Centre - Government of Canada}}
 
{{Cloud Information Centre - Government of Canada}}
 +
<b>
 +
</b>
 +
<!-- NAV -->
 +
<!-- Columns -->
 +
 +
{| width="100%" cellpadding="10"
 +
 +
|width="90%" style="color: black;" align="right" |
 +
<!-- COLUMN 1 STARTS: -->
 +
[[Template: Politique|Français]]
 +
<!-- COLUMN 1 ENDS: -->
 +
|width="10%" style="color: black; align=center" |
 +
 +
<!-- COLUMN 2 STARTS: -->
 +
 +
<!-- COLUMN 2 ENDS: -->
 +
 +
<!-- Columns -->
 +
|}
  
= '''POLICY INSTRUMENTS''' =
+
{| width="100%" cellpadding="10"
 +
|-valign="top"
  
The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.
+
|width="50%" style="color: black;" |
 +
<!-- COLUMN 1 STARTS: -->
 +
[[Image:Governance.jpg|250x250px|center |link=Governance]]
 +
<!-- COLUMN 1 ENDS: -->
 +
|width="50%" style="color: black;" |
 +
<!-- COLUMN 2 STARTS: -->
 +
[[Image:Cic.jpg|center|250x250px |link=GC_Cloud_Infocentre]]
 +
<!-- COLUMN 2 ENDS: -->
 +
|}
 +
<span style="font-family: Century Gothic; font-size: 28pt;"><font color="#9F000F;">Policy Instruments</font><span>
  
 +
<big><big>The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.
 +
<br><br>
 
== Strategic Plan ==
 
== Strategic Plan ==
* Digital Operations Strategic Plan: 2018-2022
+
* [https://www.canada.ca/en/government/system/digital-government/digital-operations-strategic-plan-2018-2022.html Digital Operations Strategic Plan: 2018-2022]
* Government of Canada Strategic Plan for Information Management and Information Technology 2017-2021
+
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/strategic-plan-information-management-information-technology.html Government of Canada Strategic Plan for Information Management and Information Technology 2017-2021]
* Government of Canada Cloud Adoption Strategy: 2018 update
+
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-cloud-adoption-strategy.html Government of Canada Cloud Adoption Strategy: 2018 update]
  
 
== Policy and Directive ==
 
== Policy and Directive ==
* Policy on Service and Digital
+
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32603 Policy on Service and Digital]
* Directive on Service and Digital
+
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32601 Directive on Service and Digital]
* Policy on Management of Information Technology
+
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32601 Policy on Management of Information Technology]
* Policy Framework for Information and Technology
+
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32601 Policy Framework for Information and Technology]
* Policy on Information Management
+
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12742 Policy on Information Management]
* Directive on Automated Decision-Making
+
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=32592 Directive on Automated Decision-Making]
  
 
== Standards and Guidelines ==
 
== Standards and Guidelines ==
* Digital Standards
+
* [https://www.canada.ca/en/government/system/digital-government/government-canada-digital-standards.html Digital Standards]
* Standards on Application Programming Interfaces (APIs)
+
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/government-canada-standards-apis.html Standards on Application Programming Interfaces (APIs)]
* Government of Canada right cloud selection guidance
+
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-right-cloud-selection-guidance.html Government of Canada right cloud selection guidance]
* Government of Canada cloud security risk management approach and procedures
+
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Government of Canada cloud security risk management approach and procedures]
* Government of Canada Security Control Profile for Cloud-based GC Services
+
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-security-control-profile-cloud-based-it-services.html Government of Canada Security Control Profile for Cloud-based GC Services]
* Government of Canada White Paper: Data Sovereignty and Public Cloud
+
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Government of Canada White Paper: Data Sovereignty and Public Cloud]
* Security and identity management guidance - Directives, standards, guidelines and publications related to security  
+
* [https://www.canada.ca/en/treasury-board-secretariat/services/access-information-privacy/security-identity-management.html Security and identity management guidance - Directives, standards, guidelines and publications related to security]
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Secure use of cloud services] - How to put in place secure cloud solutions.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-security-control-profile-cloud-based-it-services.html Recommended controls for cloud-based services] - How to secure, manage, and use cloud services.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-security-control-profile-cloud-based-it-services.html Using electronic signatures]- Guidance on using electronic signatures in support of the GC’s day-to-day business activities.
 +
* [https://www.canada.ca/en/government/system/digital-government/online-security-privacy/government-canada-guidance-using-electronic-signatures.html Secure electronic signature regulations] - Getting a valid electronic signature.
 +
* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=20008 Public key infrastructure ] - Guideline on creating public keys for secure identity management
 +
* [https://www.canada.ca/en/government/system/digital-government/password-guidance.html Password management guidance ] - How government services should manage user passwords
 +
* [https://www.canada.ca/en/revenue-agency/services/about-canada-revenue-agency-cra/protecting-your-privacy/privacy-impact-assessment.html Privacy Impact Assessment Summaries] - Privacy Impact Assessments (PIAs)
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-right-cloud-selection-guidance.html Choosing the right cloud service] - Find out which cloud deployment model is right for your organization.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-electronic-data-residency.html Data residency requirements] - Understand the Government of Canada’s requirements for the storage of data within Canada.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Secure use of cloud services] - How to put in place secure cloud solutions.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Risk-management for cloud-based services] - Protect cloud services by ensuring that the proper security controls are in place.
 +
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Data sovereignty in cloud environments] - Assessing the risks of foreign governments accessing Canadian data in the cloud.
 +
 
 +
== Cloud Security ==
 +
 
 +
===  Policies and Standards ===
 +
::*    [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12755 Policy on Management of Information Technology]
 +
::* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578 Policy on Government Security]
 +
::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-electronic-data-residency.html Direction for Electronic Data Residency, ITPIN No: 2017-02]
 +
::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN)]
  
* Secure use of cloud services - How to put in place secure cloud solutions.  
+
=== Guidance ===
 +
::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-computing/government-canada-security-control-profile-cloud-based-it-services.html Government of Canada Security Control Profile for Cloud-Based GC IT Services]
 +
::* [https://cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-government-canada-itsg-22 Government of Canada Cloud Security Risk Management Approach and Procedures]
 +
::* [https://cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-government-canada-itsg-22 CCCS ITSG-22 Baseline Security Requirements for Network Security Zones in the Government of Canada]
 +
::* [https://cyber.gc.ca/en/guidance/network-security-zoning-design-considerations-placement-services-within-zones-itsg-38 CCCS ITSG-38 Network Security Zoning - Design Considerations for Placement of Services within Zones]
 +
::* [https://cyber.gc.ca/en/guidance/user-authentication-guidance-information-technology-systems-itsp30031-v3 CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems]
 +
::* [https://nam06.safelinks.protection.outlook.com/?url=https://www.cse-cst.gc.ca/en/node/1830/html/26507&data=02|01|Jamie.Hart@microsoft.com|7503434d3e8c4c8cc23808d68d7d1039|72f988bf86f141af91ab2d7cd011db47|1|0|636851965624128440&sdata=TDPmXQvqrn0jGPdERr3KmlsTo0WJVu646TgUe8ZpxNg%3D&reserved=0 CCCS ITSP.40.062 Guidance on Securely Configuring Network Protocols]
 +
::* [https://cyber.gc.ca/en/guidance/cloud-service-provider-information-technology-security-assessment-process-itsm50100 CCCS ITSM.50.100 Cloud Service Provider Information Technology Security Assessment Process]
 +
::* [https://intranet.canada.ca/wg-tg/cagc-angc-eng.asp Guidance on Cloud Authentication for the Government of Canada]
 +
::* [https://intranet.canada.ca/wg-tg/rtua-rafu-eng.asp Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain]
 +
::* [https://www.gcpedia.gc.ca/gcwiki/images/e/e3/GC_Event_Logging_Strategy.pdf GC Event Logging Strategy (Draft)]
 +
::* [https://www.gcpedia.gc.ca/gcwiki/images/5/5f/GC_Cloud_Event_Management_Standard_Operating_Procedure.pdf Standard Operating Procedure for GC Cloud Event Management]
 +
::* [https://www.gcpedia.gc.ca/gcwiki/images/a/a8/Security_Playbook_for_Information_System_Solutions.pdf Security Playbook for Information System Solutions]
  
* Recommended controls for cloud-based services - How to secure, manage, and use cloud services.
+
=== Tools & Templates ===
* Using electronic signatures - Guidance on using electronic signatures in support of the GC’s day-to-day business activities.
 
* Secure electronic signature regulations - Getting a valid electronic signature.
 
* Public key infrastructure - Guideline on creating public keys for secure identity management
 
* Password management guidance - How government services should manage user passwords
 
* Privacy Impact Assessment Summaries - Privacy Impact Assessments (PIAs)
 
* Choosing the right cloud service - Find out which cloud deployment model is right for your organization.
 
* Data residency requirements - Understand the Government of Canada’s requirements for the storage of data within Canada.
 
* Secure use of cloud services - How to put in place secure cloud solutions.
 
  
* Risk-management for cloud-based services
+
::* https://gccode.ssc-spc.gc.ca/GCCloudEnablement
* Protect cloud services by ensuring that the proper security controls are in place.
+
::*     https://github.com/canada-ca/accelerators_accelerateurs-azure
* Data sovereignty in cloud environments - Assessing the risks of foreign governments accessing Canadian data in the cloud.
+
::* https://github.com/canada-ca/accelerators_accelerateurs-aws
<multilang>
 
@en|__NOTOC__
 
  
</multilang>
+
== Cloud Security Initiative ==
 +
Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security initiative  [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative Cloud Security Initiative]
 +
</big></big>
 
{{GC Cloud Information Centre Footer}}
 
{{GC Cloud Information Centre Footer}}
 +
__FORCETOC__

Latest revision as of 00:19, 8 April 2020


Banne cloud.jpg



Français


Governance.jpg
Cic.jpg

Policy Instruments

The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.

Strategic Plan

Policy and Directive

Standards and Guidelines

Cloud Security

Policies and Standards

Guidance

Tools & Templates

Cloud Security Initiative

Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security initiative Cloud Security Initiative