Difference between revisions of "Policy"
Jump to navigation
Jump to search
(13 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | |||
{{Cloud Information Centre - Government of Canada}} | {{Cloud Information Centre - Government of Canada}} | ||
+ | <b> | ||
+ | </b> | ||
+ | <!-- NAV --> | ||
+ | <!-- Columns --> | ||
+ | |||
+ | {| width="100%" cellpadding="10" | ||
+ | |||
+ | |width="90%" style="color: black;" align="right" | | ||
+ | <!-- COLUMN 1 STARTS: --> | ||
+ | [[Template: Politique|Français]] | ||
+ | <!-- COLUMN 1 ENDS: --> | ||
+ | |width="10%" style="color: black; align=center" | | ||
+ | |||
+ | <!-- COLUMN 2 STARTS: --> | ||
+ | |||
+ | <!-- COLUMN 2 ENDS: --> | ||
+ | |||
+ | <!-- Columns --> | ||
+ | |} | ||
+ | |||
+ | {| width="100%" cellpadding="10" | ||
+ | |-valign="top" | ||
+ | |||
+ | |width="50%" style="color: black;" | | ||
+ | <!-- COLUMN 1 STARTS: --> | ||
+ | [[Image:Governance.jpg|250x250px|center |link=Governance]] | ||
+ | <!-- COLUMN 1 ENDS: --> | ||
+ | |width="50%" style="color: black;" | | ||
+ | <!-- COLUMN 2 STARTS: --> | ||
+ | [[Image:Cic.jpg|center|250x250px |link=GC_Cloud_Infocentre]] | ||
+ | <!-- COLUMN 2 ENDS: --> | ||
+ | |} | ||
<span style="font-family: Century Gothic; font-size: 28pt;"><font color="#9F000F;">Policy Instruments</font><span> | <span style="font-family: Century Gothic; font-size: 28pt;"><font color="#9F000F;">Policy Instruments</font><span> | ||
− | |||
<big><big>The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada. | <big><big>The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada. | ||
− | + | <br><br> | |
== Strategic Plan == | == Strategic Plan == | ||
* [https://www.canada.ca/en/government/system/digital-government/digital-operations-strategic-plan-2018-2022.html Digital Operations Strategic Plan: 2018-2022] | * [https://www.canada.ca/en/government/system/digital-government/digital-operations-strategic-plan-2018-2022.html Digital Operations Strategic Plan: 2018-2022] | ||
Line 25: | Line 57: | ||
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-security-control-profile-cloud-based-it-services.html Government of Canada Security Control Profile for Cloud-based GC Services] | * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-security-control-profile-cloud-based-it-services.html Government of Canada Security Control Profile for Cloud-based GC Services] | ||
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Government of Canada White Paper: Data Sovereignty and Public Cloud] | * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Government of Canada White Paper: Data Sovereignty and Public Cloud] | ||
− | * | + | * [https://www.canada.ca/en/treasury-board-secretariat/services/access-information-privacy/security-identity-management.html Security and identity management guidance - Directives, standards, guidelines and publications related to security] |
− | * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Secure use of cloud services - How to put in place secure cloud solutions. | + | * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Secure use of cloud services] - How to put in place secure cloud solutions. |
− | * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-security-control-profile-cloud-based-it-services.html Recommended controls for cloud-based services - How to secure, manage, and use cloud services. | + | * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-security-control-profile-cloud-based-it-services.html Recommended controls for cloud-based services] - How to secure, manage, and use cloud services. |
− | * Using electronic signatures - Guidance on using electronic signatures in support of the GC’s day-to-day business activities. | + | * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-security-control-profile-cloud-based-it-services.html Using electronic signatures]- Guidance on using electronic signatures in support of the GC’s day-to-day business activities. |
− | * Secure electronic signature regulations - Getting a valid electronic signature. | + | * [https://www.canada.ca/en/government/system/digital-government/online-security-privacy/government-canada-guidance-using-electronic-signatures.html Secure electronic signature regulations] - Getting a valid electronic signature. |
− | * Public key infrastructure - Guideline on creating public keys for secure identity management | + | * [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=20008 Public key infrastructure ] - Guideline on creating public keys for secure identity management |
− | * Password management guidance - How government services should manage user passwords | + | * [https://www.canada.ca/en/government/system/digital-government/password-guidance.html Password management guidance ] - How government services should manage user passwords |
− | * Privacy Impact Assessment Summaries - Privacy Impact Assessments (PIAs) | + | * [https://www.canada.ca/en/revenue-agency/services/about-canada-revenue-agency-cra/protecting-your-privacy/privacy-impact-assessment.html Privacy Impact Assessment Summaries] - Privacy Impact Assessments (PIAs) |
− | * Choosing the right cloud service - Find out which cloud deployment model is right for your organization. | + | * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-right-cloud-selection-guidance.html Choosing the right cloud service] - Find out which cloud deployment model is right for your organization. |
− | * Data residency requirements - Understand the Government of Canada’s requirements for the storage of data within Canada. | + | * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-electronic-data-residency.html Data residency requirements] - Understand the Government of Canada’s requirements for the storage of data within Canada. |
− | * Secure use of cloud services - How to put in place secure cloud solutions. | + | * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Secure use of cloud services] - How to put in place secure cloud solutions. |
+ | * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Risk-management for cloud-based services] - Protect cloud services by ensuring that the proper security controls are in place. | ||
+ | * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Data sovereignty in cloud environments] - Assessing the risks of foreign governments accessing Canadian data in the cloud. | ||
+ | |||
+ | == Cloud Security == | ||
+ | |||
+ | === Policies and Standards === | ||
+ | ::* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12755 Policy on Management of Information Technology] | ||
+ | ::* [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578 Policy on Government Security] | ||
+ | ::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-electronic-data-residency.html Direction for Electronic Data Residency, ITPIN No: 2017-02] | ||
+ | ::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN)] | ||
+ | |||
+ | === Guidance === | ||
+ | ::* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-computing/government-canada-security-control-profile-cloud-based-it-services.html Government of Canada Security Control Profile for Cloud-Based GC IT Services] | ||
+ | ::* [https://cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-government-canada-itsg-22 Government of Canada Cloud Security Risk Management Approach and Procedures] | ||
+ | ::* [https://cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-government-canada-itsg-22 CCCS ITSG-22 Baseline Security Requirements for Network Security Zones in the Government of Canada] | ||
+ | ::* [https://cyber.gc.ca/en/guidance/network-security-zoning-design-considerations-placement-services-within-zones-itsg-38 CCCS ITSG-38 Network Security Zoning - Design Considerations for Placement of Services within Zones] | ||
+ | ::* [https://cyber.gc.ca/en/guidance/user-authentication-guidance-information-technology-systems-itsp30031-v3 CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems] | ||
+ | ::* [https://nam06.safelinks.protection.outlook.com/?url=https://www.cse-cst.gc.ca/en/node/1830/html/26507&data=02|01|Jamie.Hart@microsoft.com|7503434d3e8c4c8cc23808d68d7d1039|72f988bf86f141af91ab2d7cd011db47|1|0|636851965624128440&sdata=TDPmXQvqrn0jGPdERr3KmlsTo0WJVu646TgUe8ZpxNg%3D&reserved=0 CCCS ITSP.40.062 Guidance on Securely Configuring Network Protocols] | ||
+ | ::* [https://cyber.gc.ca/en/guidance/cloud-service-provider-information-technology-security-assessment-process-itsm50100 CCCS ITSM.50.100 Cloud Service Provider Information Technology Security Assessment Process] | ||
+ | ::* [https://intranet.canada.ca/wg-tg/cagc-angc-eng.asp Guidance on Cloud Authentication for the Government of Canada] | ||
+ | ::* [https://intranet.canada.ca/wg-tg/rtua-rafu-eng.asp Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain] | ||
+ | ::* [https://www.gcpedia.gc.ca/gcwiki/images/e/e3/GC_Event_Logging_Strategy.pdf GC Event Logging Strategy (Draft)] | ||
+ | ::* [https://www.gcpedia.gc.ca/gcwiki/images/5/5f/GC_Cloud_Event_Management_Standard_Operating_Procedure.pdf Standard Operating Procedure for GC Cloud Event Management] | ||
+ | ::* [https://www.gcpedia.gc.ca/gcwiki/images/a/a8/Security_Playbook_for_Information_System_Solutions.pdf Security Playbook for Information System Solutions] | ||
+ | |||
+ | === Tools & Templates === | ||
− | * | + | ::* https://gccode.ssc-spc.gc.ca/GCCloudEnablement |
− | * | + | ::* https://github.com/canada-ca/accelerators_accelerateurs-azure |
− | * | + | ::* https://github.com/canada-ca/accelerators_accelerateurs-aws |
− | |||
− | |||
− | </ | + | == Cloud Security Initiative == |
+ | Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security initiative [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative Cloud Security Initiative] | ||
+ | </big></big> | ||
{{GC Cloud Information Centre Footer}} | {{GC Cloud Information Centre Footer}} | ||
__FORCETOC__ | __FORCETOC__ |
Latest revision as of 00:19, 8 April 2020
|
Policy Instruments
The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.
Strategic Plan
- Digital Operations Strategic Plan: 2018-2022
- Government of Canada Strategic Plan for Information Management and Information Technology 2017-2021
- Government of Canada Cloud Adoption Strategy: 2018 update
Policy and Directive
- Policy on Service and Digital
- Directive on Service and Digital
- Policy on Management of Information Technology
- Policy Framework for Information and Technology
- Policy on Information Management
- Directive on Automated Decision-Making
Standards and Guidelines
- Digital Standards
- Standards on Application Programming Interfaces (APIs)
- Government of Canada right cloud selection guidance
- Government of Canada cloud security risk management approach and procedures
- Government of Canada Security Control Profile for Cloud-based GC Services
- Government of Canada White Paper: Data Sovereignty and Public Cloud
- Security and identity management guidance - Directives, standards, guidelines and publications related to security
- Secure use of cloud services - How to put in place secure cloud solutions.
- Recommended controls for cloud-based services - How to secure, manage, and use cloud services.
- Using electronic signatures- Guidance on using electronic signatures in support of the GC’s day-to-day business activities.
- Secure electronic signature regulations - Getting a valid electronic signature.
- Public key infrastructure - Guideline on creating public keys for secure identity management
- Password management guidance - How government services should manage user passwords
- Privacy Impact Assessment Summaries - Privacy Impact Assessments (PIAs)
- Choosing the right cloud service - Find out which cloud deployment model is right for your organization.
- Data residency requirements - Understand the Government of Canada’s requirements for the storage of data within Canada.
- Secure use of cloud services - How to put in place secure cloud solutions.
- Risk-management for cloud-based services - Protect cloud services by ensuring that the proper security controls are in place.
- Data sovereignty in cloud environments - Assessing the risks of foreign governments accessing Canadian data in the cloud.
Cloud Security
Policies and Standards
Guidance
- Government of Canada Security Control Profile for Cloud-Based GC IT Services
- Government of Canada Cloud Security Risk Management Approach and Procedures
- CCCS ITSG-22 Baseline Security Requirements for Network Security Zones in the Government of Canada
- CCCS ITSG-38 Network Security Zoning - Design Considerations for Placement of Services within Zones
- CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems
- CCCS ITSP.40.062 Guidance on Securely Configuring Network Protocols
- CCCS ITSM.50.100 Cloud Service Provider Information Technology Security Assessment Process
- Guidance on Cloud Authentication for the Government of Canada
- Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain
- GC Event Logging Strategy (Draft)
- Standard Operating Procedure for GC Cloud Event Management
- Security Playbook for Information System Solutions
Tools & Templates
Cloud Security Initiative
Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security initiative Cloud Security Initiative