ESA Artifacts

From wiki. Revision as of 08:37, 7 April 2021 by Greggory.elton.

Overview of ESA Program Artifacts

The GC ESA Program Implementation Framework provides an overview of the main artifacts that support the delivery of the ESA program. The three major themes are GC ESA governance and management, GC ESA planning, and GC ESA initiatives, as shown in the image below. The Enterprise Security Planning process identifies a number of initiatives, which are captured in the GC ESA Roadmap and the supporting GC ESA Initiatives Strategy documents. Each initiative follows the same lifecycle, starting with an initiative framework, then an architecture/design definition, then implementation, and finally operations and maintenance.

The scope of the GC ESA program activities includes the definitions of an initiative framework and architecture/design, but responsibility for implementation of an initiative is shared between the ITST and the departments implementing the initiative. As the initiative transitions from definition to implementation and operation, the implementing organization takes on more responsibility. Throughout the lifecycle of the initiative, it is subject to risk management and compliance oversight that requires regular reporting per the Horizontal Performance Measurement Strategy (HPMS). For more information about the overview of the ESA Program artifacts, please read the ESA Program Implementation Framework.

[Image: ESA Program Artefacts.PNG] ESA Program Artifacts


GC ESA Governance and Management

The governance and management documents describe the 'why' and the 'how' of the ESA program approach from a program and architecture perspective.

GC ESA Program Charter

This document identifies the need for the ESA Program and defines a set of goals that the ESA Program is meant to achieve. It identifies the IT Security Tripartite (ITST) and other key stakeholders for the ESA Program within the GC.

GC ESA Program Implementation Framework

This document is the plan for governing and managing the ESA Program. It defines:

  • How the ITST works with other governance bodies within the GC to set the direction and objectives of the ESA Program;
  • The processes used to support the delivery of the ESA program and its objectives; and
  • A description of the tools and templates that are developed under the ESA program.

GC Enterprise Security Architecture Framework

This document provides a set of methods and tools for developing a broad range of architectures, designing an information system in terms of a set of building blocks, and showing how the building blocks fit together. It also includes a consistent set of principles, capabilities, standards, guidelines, and a common vocabulary. It describes the various approaches for security requirements management and architecture development.

For more information about ESA program documents pertaining to governance and management, please read the GC ESA Program Implementation Framework.


GC ESA Planning

The planning documents describe what the ESA Program is doing, including background/context and rationale for its activities.

GC ESA Concept of Operations (ESA ConOps) and Annexes

This document provides details of the characteristics of the desired state for the GC enterprise. It describes the information assurance/cyber security scope for Government of Canada IT/IS enterprise system-of-systems. It identifies governance instruments, organizational structures, roles and responsibilities, risk management processes, security initiatives, and affected operational environments, as well as many other topics. The purpose of the GC ESA ConOps is to provide the GC enterprise with operational context from a security perspective, highlighting the relevant aspects of the operational environment, including the organization, current initiatives, abstracted views of the current architecture, gaps in current capability, and the evolution over time.

GC ESA Roadmap (GCER)

This document will define a long-term enterprise plan and strategies for the realization of a secure GC enterprise that aligns with strategic goals. It will describe the progression of associated policies, processes, and technologies required to transform the GC security landscape from its current states to a robust, sustainable, proactive, enterprise-wide future state. The GCER also defines enterprise security initiative groups positioned to drive organizational ownership, technical capability priorities, and needed policy instruments in support of achieving the vision of the ESA program.

GC ESA Initiatives Strategy (GCEIS)

This document provides a strategy for defining and implementing the initiatives presented as part of the GC ESA Roadmap (GCER). The GCEIS includes inter-initiative dependencies, entry criteria, benefits, exit criteria, and high-level phasing to orchestrate the rollout of the initiatives in a logical manner. It will help to identify specific work packages, issues, risks, gaps, and potential solutions toward the realization of the ESA future state and will support the tactical activities captured in the ESA Three-Year Workplan.

GC ESA Three-Year Workplan

This document defines a three-year view of planned activities by the IT Security Tripartite (ITST) in support of the overarching ITST governance in accordance with the goals defined in the ESA Program Charter. The workplan provides a summary of high-level information pertaining to key work packages and activities, as part of the ESA Program. It will ensure alignment between ongoing tactical initiatives while making sure that strategic objectives are being addressed or considered. The workplan will be reviewed on a regular basis through the ESA Program governance structure to ensure that resources are effectively managed and activities are aligned with GC strategies.

GC ESA Description Document (ESADD) and Annexes

This document describes the target security architecture for the consolidated IT/IS enterprise spanning unclassified and classified use models. Based on the ESA system requirements, the ESADD defines the technical and non-technical enterprise security focus areas (ESFAs) and describes the capabilities of the enterprise components contained within the focus areas. Focus area annexes analyze and decompose enterprise components, assess user and/or capability perspectives, and generate detailed use cases and architecture patterns in support of defining a target architecture and a transition strategy leading towards the proposed target.

GC ESA Requirements Database

This database is used to capture all requirements, by mapping them to security controls and other entities defined or used by the ESA, and the relationships among them. The database is described in further detail in the GC ESA Requirements Database Overview document.

For more information about ESA program documents pertaining to planning, please read the GC ESA Program Implementation Framework.


GC ESA Initiatives

[Image: Relationship between ESFAs and Initiatives.PNG] Relationship between ESFAs and Initiatives

The purpose of the 'initiative process' is to define the specific activities necessary for the progression of the policies, processes, and technological evolution required to transform the GC security landscape from its current state to a robust, sustainable, proactive, enterprise-wide future state.

The GC ESA Roadmap (GCER) defines enterprise security initiative groups positioned to drive organizational ownership, technical capability priorities, and needed policy instruments in support of achieving the ESA Program vision. The GCER identifies and prioritizes initiatives based on an evaluation of the current state of GC IT/IS enterprise security and the architectural vision. The image on the left shows the relationship between the ESFAs and initiatives. The ESFAs developed as part of the ESA architecture provide the foundation for the development of initiatives. Initiatives are selected for implementation to solve specific problems and may incorporate architectural concepts from a number of different ESFAs.

The following initiative-specific artifacts are developed by the ITST as part of the ESA program. Other artifacts necessary to fully implement an initiative are developed by individual departments and may vary depending on each department's System Development Lifecycle (SDLC).

Operational Concept (OpsCon)

This document describes the information assurance/cyber security scope for a given GC system. It identifies governance instruments, roles and responsibilities, and affected operations. It defines system actors, technical and non-technical enterprise security focus areas (ESFAs), operational scenarios, and stakeholder impacts.

High-Level Design (HLD)

This document is a vendor- and product-neutral design document that identifies initiative components, their relationship to ESA components, and their interactions in the form of design patterns and scenarios. It captures the design of a system, including the security aspects of the implementation, and ties the design back to system requirements and controls for traceability, so that it can be verified that all functional, capability, and security obligations are covered in the implementation.

Initiative Implementation Strategy

The purpose of this document is to outline a detailed implementation strategy for the creation of GC capabilities as part of an initiative. The document will include the activities required to achieve the transition and target states outlined in the related HLD document and considers the various organizational states within the GC.

For more information about ESA program documents pertaining to initiatives, please read the ESA Program Implementation Framework.
