Canadian Centre for Cyber Security (CCCS) Medium Assessment

Overview


Canadian national flag

The Canadian Centre for Cyber Security (CCCS) is Canada’s authoritative source of cyber security expert guidance for Canadian government, industry, and the general public. Public and commercial sector organizations across Canada rely on the CCCS Cloud Service Provider (CSP) Information Technology Security (ITS) Assessment Process in their decision to use Amazon Web Services (AWS).

CCCS’s medium assessment process determines if the Government of Canada (GC) ITS requirements for the CCCS Medium Cloud Security Profile (previously referred to as GC’s PROTECTED B/Medium Integrity/Medium Availability [PBMM] profile) are met as described in ITSG-33 (IT Security Risk Management: A Lifecycle Approach, Annex 3 – Security Control Catalogue). As of November 2023, 150 services and features in the Canada (Central) and Canada West (Calgary) Region have been assessed by the CCCS, and meet the requirements for medium cloud security profile. Meeting the medium cloud security profile is required to host workloads that are classified up to and including medium categorization. In addition, CCCS’s ITS assessment process is a mandatory requirement for AWS to provide cloud services to Canadian federal government departments and agencies.

On a periodic basis, CCCS assesses new or previously unassessed services and re-assesses the AWS services that were previously assessed to verify that they continue to meet the GC requirements. CCCS prioritizes the medium assessment of new AWS services based on their availability in Canada, and customer demand for the AWS services.

FAQs


Have Questions? Connect with an AWS Business Representative
Exploring compliance roles?
Apply today »
Want AWS Compliance updates?
Follow us on Twitter »