Changes

1,562 bytes added ,  13:50, 30 January 2020
no edit summary
Line 38: Line 38:  
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Risk-management for cloud-based services] - Protect cloud services by ensuring that the proper security controls are in place.
 
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Risk-management for cloud-based services] - Protect cloud services by ensuring that the proper security controls are in place.
 
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Data sovereignty in cloud environments] - Assessing the risks of foreign governments accessing Canadian data in the cloud.  
 
* [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Data sovereignty in cloud environments] - Assessing the risks of foreign governments accessing Canadian data in the cloud.  
 +
 
== Cloud Security ==
 
== Cloud Security ==
Learn recommendations and actions that your Department can implement to protect your networks through the [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative Cloud Security Intiative]  
+
 
 +
===  Policies and Standards ===
 +
::* Policy on Management of Information Technology
 +
::* Policy on Government Security
 +
::* Direction for Electronic Data Residency, ITPIN No: 2017-02
 +
::* Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN)
 +
 
 +
=== Guidance ===
 +
::* Government of Canada Security Control Profile for Cloud-Based GC IT Services
 +
::* Government of Canada Cloud Security Risk Management Approach and Procedures
 +
::* CCCS ITSG-22 Baseline Security Requirements for Network Security Zones in the Government of Canada
 +
::* CCCS ITSG-38 Network Security Zoning - Design Considerations for Placement of Services within Zones
 +
::* CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems
 +
::* CCCS ITSP.40.062 Guidance on Securely Configuring Network Protocols
 +
::* CCCS ITSM.50.100 Cloud Service Provider Information Technology Security Assessment Process
 +
::* Guidance on Cloud Authentication for the Government of Canada
 +
::* Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain
 +
::* GC Event Logging Strategy (Draft)
 +
::* Standard Operating Procedure for GC Cloud Event Management
 +
::* Security Playbook for Information System Solutions
 +
 
 +
=== Tools & Templates ===
 +
 
 +
::* https://gccode.ssc-spc.gc.ca/GCCloudEnablement
 +
::*    https://github.com/canada-ca/accelerators_accelerateurs-azure
 +
::* https://github.com/canada-ca/accelerators_accelerateurs-aws
 +
 
 +
== Cloud Security Initiative ==
 +
Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security inititative  [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative Cloud Security Intiative]  
 
</big></big>
 
</big></big>
 
{{GC Cloud Information Centre Footer}}
 
{{GC Cloud Information Centre Footer}}
 
__FORCETOC__
 
__FORCETOC__