Difference between revisions of "Policy"

Latest revision as of 01:19, 8 April 2020

Policy Instruments

The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.

Strategic Plan

Policy and Directive

Standards and Guidelines

Digital Standards
Standards on Application Programming Interfaces (APIs)
Government of Canada right cloud selection guidance
Government of Canada cloud security risk management approach and procedures
Government of Canada Security Control Profile for Cloud-based GC Services
Government of Canada White Paper: Data Sovereignty and Public Cloud
Security and identity management guidance - Directives, standards, guidelines and publications related to security
Secure use of cloud services - How to put in place secure cloud solutions.
Recommended controls for cloud-based services - How to secure, manage, and use cloud services.
Using electronic signatures- Guidance on using electronic signatures in support of the GC’s day-to-day business activities.
Secure electronic signature regulations - Getting a valid electronic signature.
Public key infrastructure - Guideline on creating public keys for secure identity management
Password management guidance - How government services should manage user passwords
Privacy Impact Assessment Summaries - Privacy Impact Assessments (PIAs)
Choosing the right cloud service - Find out which cloud deployment model is right for your organization.
Data residency requirements - Understand the Government of Canada’s requirements for the storage of data within Canada.
Secure use of cloud services - How to put in place secure cloud solutions.
Risk-management for cloud-based services - Protect cloud services by ensuring that the proper security controls are in place.
Data sovereignty in cloud environments - Assessing the risks of foreign governments accessing Canadian data in the cloud.

Cloud Security

Policies and Standards

Guidance

Tools & Templates

Cloud Security Initiative

Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security initiative Cloud Security Initiative

Learn more[edit | edit source]

ZZCIOBDP@tbs-sct.gc.ca

Cloud and Computing Network of Expertise

Cloud Technical Working Group

Digital Workplace Network of Expertise

Back to top

@@ Line 1: / Line 1: @@
 {{Cloud Information Centre - Government of Canada}}
+<b>
+</b>
+<!-- NAV -->
+<!-- Columns -->
+{| width="100%" cellpadding="10"
+|width="90%" style="color: black;" align="right" |
+<!-- COLUMN 1 STARTS: -->
+[[Template: Politique|Français]]
+<!-- COLUMN 1 ENDS: -->
+|width="10%" style="color: black; align=center" |
+<!-- COLUMN 2 STARTS: -->
+<!-- COLUMN 2 ENDS: -->
+<!-- Columns -->
+|}
+{| width="100%" cellpadding="10"
+|-valign="top"
+|width="50%" style="color: black;" |
+<!-- COLUMN 1 STARTS: -->
+[[Image:Governance.jpg|250x250px|center |link=Governance]]
+<!-- COLUMN 1 ENDS: -->
+|width="50%" style="color: black;" |
+<!-- COLUMN 2 STARTS: -->
+[[Image:Cic.jpg|center|250x250px |link=GC_Cloud_Infocentre]]
+<!-- COLUMN 2 ENDS: -->
+|}
 <span style="font-family: Century Gothic; font-size: 28pt;"><font color="#9F000F;">Policy Instruments</font><span>
 <big><big>The Treasury Board Secretariat (TBS) had developed a set of policy instruments that provide the necessary policy guidance to enable smooth cloud adoption across the Government of Canada.
+<br><br>
 == Strategic Plan ==
 * [https://www.canada.ca/en/government/system/digital-government/digital-operations-strategic-plan-2018-2022.html Digital Operations Strategic Plan: 2018-2022]
@@ Line 38: / Line 70: @@
 * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/cloud-security-risk-management-approach-procedures.html Risk-management for cloud-based services] - Protect cloud services by ensuring that the proper security controls are in place.
 * [https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html Data sovereignty in cloud environments] - Assessing the risks of foreign governments accessing Canadian data in the cloud.
-</big></big><multilang>
-@en|__NOTOC__
-</multilang>
+== Cloud Security ==
+===  Policies and Standards ===
+::*     [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12755 Policy on Management of Information Technology]
+::*	[https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578 Policy on Government Security]
+::*	[https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-electronic-data-residency.html Direction for Electronic Data Residency, ITPIN No: 2017-02]
+::*	[https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/direction-secure-use-commercial-cloud-services-spin.html Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN)]
+=== Guidance ===
+::*	[https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-computing/government-canada-security-control-profile-cloud-based-it-services.html Government of Canada Security Control Profile for Cloud-Based GC IT Services]
+::*	[https://cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-government-canada-itsg-22 Government of Canada Cloud Security Risk Management Approach and Procedures]
+::*	[https://cyber.gc.ca/en/guidance/baseline-security-requirements-network-security-zones-government-canada-itsg-22 CCCS ITSG-22 Baseline Security Requirements for Network Security Zones in the Government of Canada]
+::*	[https://cyber.gc.ca/en/guidance/network-security-zoning-design-considerations-placement-services-within-zones-itsg-38 CCCS ITSG-38 Network Security Zoning - Design Considerations for Placement of Services within Zones]
+::*	[https://cyber.gc.ca/en/guidance/user-authentication-guidance-information-technology-systems-itsp30031-v3 CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems]
+::*	[https://nam06.safelinks.protection.outlook.com/?url=https://www.cse-cst.gc.ca/en/node/1830/html/26507&data=02|01|Jamie.Hart@microsoft.com|7503434d3e8c4c8cc23808d68d7d1039|72f988bf86f141af91ab2d7cd011db47|1|0|636851965624128440&sdata=TDPmXQvqrn0jGPdERr3KmlsTo0WJVu646TgUe8ZpxNg%3D&reserved=0 CCCS ITSP.40.062 Guidance on Securely Configuring Network Protocols]
+::*	[https://cyber.gc.ca/en/guidance/cloud-service-provider-information-technology-security-assessment-process-itsm50100 CCCS ITSM.50.100 Cloud Service Provider Information Technology Security Assessment Process]
+::*	[https://intranet.canada.ca/wg-tg/cagc-angc-eng.asp Guidance on Cloud Authentication for the Government of Canada]
+::*	[https://intranet.canada.ca/wg-tg/rtua-rafu-eng.asp Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain]
+::*	[https://www.gcpedia.gc.ca/gcwiki/images/e/e3/GC_Event_Logging_Strategy.pdf GC Event Logging Strategy (Draft)]
+::*	[https://www.gcpedia.gc.ca/gcwiki/images/5/5f/GC_Cloud_Event_Management_Standard_Operating_Procedure.pdf Standard Operating Procedure for GC Cloud Event Management]
+::*	[https://www.gcpedia.gc.ca/gcwiki/images/a/a8/Security_Playbook_for_Information_System_Solutions.pdf Security Playbook for Information System Solutions]
+=== Tools & Templates ===
+::*	https://gccode.ssc-spc.gc.ca/GCCloudEnablement
+::*     https://github.com/canada-ca/accelerators_accelerateurs-azure
+::*	https://github.com/canada-ca/accelerators_accelerateurs-aws
+== Cloud Security Initiative ==
+Learn recommendations and actions that your Department can implement to protect your networks through the Treasury Board Secretariat’s Cyber Security initiative  [https://www.gcpedia.gc.ca/wiki/Cloud_Security_Initiative Cloud Security Initiative]
+</big></big>
 {{GC Cloud Information Centre Footer}}
 __FORCETOC__