The Infosec Registered Assessors Program (IRAP) provides a comprehensive process for the independent assessment of a system's security against the Australian Government Information Security Manual (ISM) requirements. The IRAP goal is to maximize the security of Australian federal, state, and local government data by focusing on the information and communications technology (ICT) infrastructure intended for data storage, processing, and communication. IRAP is governed and administered by the Australian Cyber Security Centre (ACSC). It describes the mechanism for cloud services to assess security controls within their platforms and a framework to endorse individuals from the private and public sectors to provide cyber security assessment services to the Australian government. Endorsed IRAP assessors can provide an independent assessment of ICT security, suggest risk mitigations, and highlight residual risks.

The risk management framework used by the ACSC ISM draws from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. Within this risk management framework, the identification of risks and selection of security controls can be undertaken using various risk management standards, such as ISO 31000:2018, Risk management – Guidelines. Broadly, the risk management framework used by the ISM has six steps: define the system, select security controls, implement security controls, assess security controls, authorize the system, and monitor the system.

The ACSC used to maintain the Cloud Services Certification Program (CSCP) through which cloud services were certified and featured on the Certified Cloud Services List (CCSL). However, pursuant to a review of CSCP and IRAP, ACSC ceased the CSCP and CCSL in 2020. All prior cloud services certification and re-certification letters issued by the Australian Signals Directorate (ASD) were declared void. Following the cessation of CSCP and CCSL, ACSC and the Digital Transformation Agency (DTA) released new cloud security guidance.