The Federal Government has issued new guidelines for third party providers offering cloud services to government agencies.
The new Cloud Security Guidance was released by the Australian Cyber Security Centre (ACSC) and the Digital Transformation Agency (DTA) “to support the secure adoption of cloud services across government and industry”.
The news follows the disbanding of the previous Cloud Services Certification Program (CSCP) and the associated Certified Cloud Services List (CCSL).
Under the new arrangement, Government departments will still self-assess cloud solutions and be responsible for assurance and risk management opportunities.
Under the previous scheme, only six cloud service providers (CSPs) had been authorised to sell to Government agencies: Amazon Web Services, Macquarie Government, Microsoft, NTT Australia, Sliced Tech and Vault Cloud.
“The release of the new guidance coincides with today’s cessation of the Certified Cloud Services List (CCSL) which will open up the Australian cloud market, allowing more homegrown Australian providers to operate and deliver their services,” Federal Minister for Defence Linda Reynolds said in a statement.
“This will provide opportunities for Commonwealth, State and Territory agencies to tap into a greater range of secure and cost-effective cloud services.”
Minister for Government Services Stuart Robert said the ACSC and DTA worked closely with industry to develop the new guidelines.
“Having been co-designed with industry, this will help and guide organisations to assess the suitability of a range of secure and cost effective cloud service providers to securely handle their data and ultimately boost Australia’s cyber security resilience,” Robert said.
In addition, the ACSC said it would grow and enhance the Information Security Registered Assessors Program (IRAP) to further support government and industry in implementing appropriate cloud security measures and increase their cyber security resilience.