Policy

Strategic Plan

• Digital Operations Strategic Plan: 2018-2022
• Government of Canada Strategic Plan for Information Management and Information Technology 2017-2021
• Government of Canada Cloud Adoption Strategy: 2018 update

Policy and Directive

• Policy on Service and Digital
• Directive on Service and Digital
• Policy on Management of Information Technology
• Policy Framework for Information and Technology
• Policy on Information Management
• Directive on Automated Decision-Making

Standards and Guidelines

• Digital Standards
• Standards on Application Programming Interfaces (APIs)
• Government of Canada right cloud selection guidance
• Government of Canada cloud security risk management approach and procedures
• Government of Canada Security Control Profile for Cloud-based GC Services
• Government of Canada White Paper: Data Sovereignty and Public Cloud
• Security and identity management guidance - Directives, standards, guidelines and publications related to security
• Secure use of cloud services - How to put in place secure cloud solutions.
• Recommended controls for cloud-based services - How to secure, manage, and use cloud services.
• Using electronic signatures- Guidance on using electronic signatures in support of the GC’s day-to-day business activities.
• Secure electronic signature regulations - Getting a valid electronic signature.
• Public key infrastructure - Guideline on creating public keys for secure identity management
• Password management guidance - How government services should manage user passwords
• Privacy Impact Assessment Summaries - Privacy Impact Assessments (PIAs)
• Choosing the right cloud service - Find out which cloud deployment model is right for your organization.
• Data residency requirements - Understand the Government of Canada’s requirements for the storage of data within Canada.
• Secure use of cloud services - How to put in place secure cloud solutions.
• Risk-management for cloud-based services - Protect cloud services by ensuring that the proper security controls are in place.
• Data sovereignty in cloud environments - Assessing the risks of foreign governments accessing Canadian data in the cloud.

Cloud Security

Policies and Standards

• Policy on Management of Information Technology
• Policy on Government Security
• Direction for Electronic Data Residency, ITPIN No: 2017-02
• Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN)

Guidance

• Government of Canada Security Control Profile for Cloud-Based GC IT Services
• Government of Canada Cloud Security Risk Management Approach and Procedures
• CCCS ITSG-22 Baseline Security Requirements for Network Security Zones in the Government of Canada
• CCCS ITSG-38 Network Security Zoning - Design Considerations for Placement of Services within Zones
• CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems
• CCCS ITSP.40.062 Guidance on Securely Configuring Network Protocols
• CCCS ITSM.50.100 Cloud Service Provider Information Technology Security Assessment Process
• Guidance on Cloud Authentication for the Government of Canada
• Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain
• GC Event Logging Strategy (Draft)
• Standard Operating Procedure for GC Cloud Event Management
• Security Playbook for Information System Solutions

Tools & Templates

• https://gccode.ssc-spc.gc.ca/GCCloudEnablement
• https://github.com/canada-ca/accelerators_accelerateurs-azure
• https://github.com/canada-ca/accelerators_accelerateurs-aws

Cloud Security Initiative