GC Security Assessments - Repository

From wiki
Revision as of 08:38, 14 April 2021 by Greggory.elton (talk | contribs) (Created page with "<div class="center"><div style="float: right; z-index: 10; position: absolute; right: 0; top: 1;">File:JoinusonGCconnex.png|link=https://gcconnex.gc.ca/groups/profile/278554...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Purpose

This site hosts an inventory of completed security assessment reports.

As per the Policy on Government Security, departments and agencies must perform security assessment and authorization of their information systems or services before approving them for operation. In the context of cloud, this responsibility extends to any additional security controls being implemented to satisfy departmental requirements. Consideration of the departmental risk profile and the department’s culture, mission and business objectives, and the threats that pertain to the departmental business activities, will help determine the proportionate security measures needed to ensure the adequate protection of GC information.

Understanding the overall effectiveness of security controls is essential in determining and managing the residual risks under which a cloud-based service will be operating. Prioritizing security at the beginning of a project life cycle and building security in cloud-based services from the outset are also effective ways to streamline security assessment and ensure successful authorization.

Departments that are seeking to consume cloud services can leverage the results of GC-assessed CSPs to support risk-based decisions. It is expected that departments review these assessments, with consideration of the scope and security outlined in the report, and in conjunction with the security assessments performed for security controls that departments are responsible for implementing.

Completed Security Assessments

Last updated - 7 March 2021

The following table provides an inventory of completed security assessments.

Cloud Service Provider Description Service Model Scope of Services Procurement Information Categorization Date of Report Contact Info Additional Information
Amazon Web Services (AWS) TBD IaaS, PaaS, SaaS As per GC Cloud Brokering GC Cloud Framework Agreement - SSC Tier 2 TBD contact@cyber.gc.ca N/A
Microsoft Azure TBD IaaS, PaaS As per GC Cloud Brokering GC Cloud Framework Agreement - SSC Tier 2 TBD contact@cyber.gc.ca N/A
Microsoft Dynamics 365 TBD SaaS As per GC Cloud Brokering GC Cloud Framework Agreement - SSC Tier 2 TBD contact@cyber.gc.ca N/A
Microsoft Office 365 TBD SaaS As per GC Cloud Brokering Microsoft Enterprise Agreement Tier 2 TBD contact@cyber.gc.ca SSC has completed the security assessments for the supporting common services including DCAM, WAP. Please contact SSC to obtain a copy of these reports.
Google Cloud Platform TBD IaaS, PaaS As per GC Cloud Brokering GC Cloud Framework Agreement - SSC Tier 2 TBD contact@cyber.gc.ca N/A
Oracle Cloud TBD IaaS, PaaS As per GC Cloud Brokering GC Cloud Framework Agreement - SSC Tier 2 TBD contact@cyber.gc.ca N/A
IBM Cloud TBD IaaS, PaaS As per GC Cloud Brokering GC Cloud Framework Agreement - SSC Tier 2 TBD contact@cyber.gc.ca
ThinkOn TBD IaaS, PaaS As per GC Cloud Brokering GC Cloud Framework Agreement - SSC Tier 2 TBD contact@cyber.gc.ca N/A
Salesforce TBD PaaS, SaaS As per GC Cloud Brokering GC Cloud Framework Agreement - SSC Tier 2 TBD contact@cyber.gc.ca N/A
ServiceNow TBD SaaS As per GC Cloud Brokering GC Cloud Framework Agreement - SSC Tier 2 TBD contact@cyber.gc.ca N/A