- GOVERNMENT APPROVED ONLINE CLOUD SERVICES FOR BUSINESS HOW TO
- GOVERNMENT APPROVED ONLINE CLOUD SERVICES FOR BUSINESS MANUAL
The ACSC will continue to engage with both government and industry to ensure the new guidance is implemented effectively and remains fit for purpose.
GOVERNMENT APPROVED ONLINE CLOUD SERVICES FOR BUSINESS MANUAL
The cloud security guidance is further supported by the Information Security Manual (ISM), the Protective Security Policy Framework (PSPF), and the Secure Cloud Strategy. Importantly, the CSCM also captures the ability for cloud consumers to implement security controls for systems built on top of the CSP's services by identifying where they are responsible for configuring the service in accordance with the ISM. This does not preclude their use for other types of cloud services, though additional scrutiny should be applied to their reference in this case. Further, these comments have generally been developed with reference to OFFICIAL: Sensitive and PROTECTED public clouds. The CSCM also provides indicative guidance on the scoping of cloud security assessments, and inheritance for systems under a shared responsibility model, though it should be noted that guidance is not definitive and should be interpreted by the assessor in the context of the assessed system.
The latest CSCM can be found on the webpage for the Information Security Manual (ISM). To assist with the assessment of CSPs and their cloud services, the Cloud Security Controls Matrix (CSCM) can be used by IRAP assessors to capture the implementation of security controls.
GOVERNMENT APPROVED ONLINE CLOUD SERVICES FOR BUSINESS HOW TO
The cloud security guidance aims to guide organisations including government, cloud service providers (CSP's), and IRAP assessors on how to perform a comprehensive assessment of a CSP and its cloud services so a risk-informed decision can be made about its suitability to handle an organisation’s data. Cloud Security Assessment Report Template.Cloud Assessment and Authorisation - Frequently Asked Questions.