AWS Public Sector Blog

Canadian Centre for Cyber Security adds additional AWS services to its assessment of the AWS Canada (Central) Region

The Canadian Centre for Cyber Security (CCCS) is Canada’s authoritative source of cyber security expert guidance, services, and support. CCCS provides this expertise to Canadian governments, industry, and the general public. Their rigorous assessments of cloud service providers are relied on by Canadian public sector organizations across the country, to make informed cloud procurement decisions. In September 2021, CCCS added more Amazon Web Services (AWS) services to its assessment of the AWS Canada (Central) Region, bringing the total number of assessed AWS services to 120. This provides Canadian public sector customers additional confidence that AWS Cloud services meet the Government of Canada’s security control requirements.

With the completion of this latest assessment, the Government of Canada (GC) can access new, additional AWS services. Using these services in conjunction with the deployment of the open source AWS Secure Environment Accelerator (ASEA) solution reduces cloud service configuration time from months to days.

ASEA helps Canadian public sector customers obtain ATO faster

The CCCS assessment is one of several key investments that AWS is making to help Canadian public sector customers meet security framework controls, such as the CCCS Medium Cloud Security Profile, which replaced the GC’s PROTECTED B / Medium Integrity / Medium Availability (PBMM) profile in May 2020. Government departments work hard to put in place the required security controls for cloud service roll-out, and obtaining an Authority to Operate (ATO) can sometimes take up to 18 months. To assist with this process, AWS developed the open-source project ASEA. Designed in consultation with CCCS and GC’s Treasury Board, ASEA automates the configuration of AWS services to help meet the CCCS Medium Cloud Security Profile controls.

Using ASEA automation has saved customers three months of effort on average—a key advantage when facing time and labor resource constraints. As a companion to the ASEA, AWS has also developed a generic CCCS Medium evidence package for a portion of the controls implemented by ASEA, addressing the need for documentation of implemented controls. Departments can request this package through their AWS account teams, and can edit this package to reflect the details of their implementation (as well as confirming that the implementation meets their requirements).

AWS teams complete CCCS’s Cloud Security Assessment & Authorization (SA&A) workshop

While the CCCS’s Cloud Security Assessment & Authorization (SA&A) process is the customer’s responsibility, AWS has chosen to train its field teams on how the GC’s SA&A process works, to guide customers as they document how AWS services are used and configured to meet controls. For this, we turned to CCCS’s Learning Hub, a trusted source for leading-edge learning activities and programs for cyber security and COMSEC professionals working within the GC or with domestic partners.

CCCS’s workshop aims to refine cloud computing concepts and establish a deeper understanding of the cloud computing SA&A process within a GC context. The advice and guidance provided in this workshop covers Cloud Service Provider Assessments and risk management decisions when procuring a public cloud service, as well as GC Cloud Usage Profiles, GC Accelerators, Guardrails and general Cloud Security Guidance.

Canada’s PROTECTED B / Medium Integrity / Medium Availability (PBMM) Framework

AWS’s completion of CCCS training and assessments builds on our deep commitment to providing protected cloud environments for the Government of Canada. In 2019, AWS executed a framework agreement with the government to host GC workloads that are classified up to PBMM. With ASEA, we’re seeing growing momentum behind getting GC PBMM workloads onto AWS—with 30 deployments to date. We’ve also seen public sector customers in the UK and Australia adopt ASEA. With each ATO achieved, new lessons are incorporated into ASEA and the sample evidence package where feasible.

For government teams who want to accelerate their launch of PBMM workloads in the cloud, AWS’s ASEA is a reliable, secure, open-source starting point. For more information on meeting your compliance needs on AWS, visit our compliance page, or contact your AWS account team.

Subscribe to the AWS Public Sector Blog newsletter to get the latest in AWS tools, solutions, and innovations from the public sector delivered to your inbox, or contact us.

The AWS Public Sector Blog needs your help. Please take a few minutes to share insights regarding your experience with the AWS Public Sector Blog in this survey, and we’ll use feedback from the survey to create more content aligned with the preferences of our readers.