svetazi - stock.adobe.com
The Australian Signals Directorate (ASD) has pulled the plug on its Cloud Services Certification Programmme (CSCP), following a review of its efforts to protect the government against evolving cyber threats.
In a statement, the ASD said it would close the CSCP and create new co-designed cloud security guidelines with the industry. It would also cease to be the Certification Authority and will not be progressing certification activities. This includes re-certification activities.
All services listed on the Certified Cloud Services List (CCSL) will remain ASD certified until 30 June 2020, after which all ASD certifications and re-certification letters will be void. The Australian government’s information security manual will also be updated to remove the requirement to select cloud services from the CCSL.
The CCSL offers Australian government agencies a list of cloud services that have been certified to meet stringent security requirements. A total of 21 cloud services from cloud suppliers, including Amazon Web Services, Microsoft and Google, have been certified to run classified and unclassified workloads.
The ASD said the cessation of the CSCP will “open up the Australian cloud market to allow for more home-grown Australian providers to operate”, giving government customers a greater range of secure and cost-effective cloud services.
Meanwhile, the Digital Transformation Agency’s (DTA) existing ICT marketplaces are not affected by this change and will continue to operate as usual. This includes the cloud marketplace and its new approach to market in early 2020.
Mooted in October 2019, the cloud marketplace will replace the current the Cloud Services Panel (CSP), which hosts more than 500 cloud services from over 240 suppliers.
Read more about cyber security in Australia
- Compromised login credentials and human error were the most common causes of data breaches reported under Australia’s notifiable data breach regime from July to December 2019.
- The Australian government is reviewing the nation’s cyber security strategy, but is it looking at the right issues?
- Australian enterprises are navigating “a train-smash” of legislation and regulations on cyber security.
- A report suggesting Australian firms are experiencing fewer cyber incidents has left its co-author perplexed with the findings.
Suppliers on the marketplace will be chosen based on a range of criteria, including their commercial stability and viability; capacity to deliver at scale and meeting government requirements; and capability and credentials, including skilled and experienced personnel.
The DTA also urged government agencies to use the Australian government secure cloud strategy to support their adoption of cloud services, and will continue to work with ASD, suppliers and the broader industry to articulate best-practice cyber security measures.