Apr 1, 2020 - This document is designed to assist assessors validating the security posture of a cloud service in order to provide organisations with independent assurance of security claims made by Cloud Service Providers (CSPs). This document can also assist CSPs to offer secure cloud services.
Apr 1, 2020 - Cloud computing offers potential benefits including cost savings and improved business outcomes for organisations. However, there are a variety of information security risks that need to be carefully considered. Risks will vary depending on the sensitivity of the data to be stored or processed, and how the chosen cloud vendor (also referred to as a cloud service provider) has implemented their specific cloud services.
Mar 2, 2020 - In late July 2019, the Australian Signals Directorate (ASD) commissioned an independent review of its Cloud Services Certification Program (CSCP) and Information Security Registered Assessors Program (IRAP). The Review considered the perspectives of industry and government stakeholders to ensure the proposed recommendations support Commonwealth entities, Australian businesses and the community while maximising cyber security and resilience to protect against evolving cyber threats. The review made the following recommendations:
Mar 2, 2020 - This document is designed to assist an organisation’s cyber security team, cloud architects and business representatives to jointly perform a risk assessment and use cloud services securely.
Apr 30, 2019 - This document provides simple yet practical questions to ask managed service providers regarding the cyber security of their systems and the services they provide.
Apr 17, 2019 - Head of the Australian Cyber Security Centre Alastair MacGibbon has issued an update for registered MSPs and those considering applying to join the Managed Service Provider Partner Program – MSP3. Registration has been extended through to 30 April 2019 and the due date for the return of the surveys is now 31 May 2019. For more information you can view the Program Update here.
Jan 24, 2019 - The Australian Cyber Security Centre (ACSC) has certified Amazon Web Services (AWS) for hosting Australian Government data classified up to the PROTECTED classification level, providing assurance to Australian Government agencies that AWS complies with Australian Government security requirements. ‘Amazon Web Services joins other providers on the Certified Cloud Services List (CCSL) that meet stringent Australian Government security requirements for hosting PROTECTED data,’ said Alastair MacGibbon, Head of the ACSC.
Jan 8, 2019 - The Australian Cyber Security Centre has added the Rackspace Dedicated Hosting Environment (DHE) to the Certified Cloud Services List (CCSL) for unclassified workloads, increasing the options available to Australian Government agencies. The Rackspace DHE joins providers on the CCSL that meet stringent Australian Government security requirements for managing information storage at the minimum Australian Government security standard, Unclassified.
Dec 13, 2018 - The Australian Cyber Security Centre (ACSC) has added Google Cloud Platform to the Certified Cloud Services List (CCSL) for unclassified workloads, increasing the options available to Australian Government agencies. Google Cloud Platform joins 12 existing providers in the CCSL that meet stringent Australian Government security requirements for managing information storage at the minimum Australian Government security standard, known as ‘Unclassified’.
Sep 29, 2018 - Recent media reports suggest third-party solutions built on ACSC Certified Cloud Services automatically inherit ACSC certification. This is not accurate. Any solution or service built on a certified cloud service does not automatically inherit the awarded certification of the supporting infrastructure and is not certified by the ACSC, unless it is also listed on the CCSL.
Aug 24, 2018 - Developers, organisations and companies are being urged to upgrade Apache Struts today to ensure critical infrastructure and customer data is not put at risk. The new remote code execution vulnerability affects all supported versions of Apache Struts 2, Apache Software Foundation said. Apache Struts is a globally popular framework used for creating Java web applications. A patched version has been released today.
Jul 1, 2018 - Cloud computing is the practice of using servers hosted on the internet to store, manage and process data, rather than a local server or a personal computer. Cloud computing can bring many economic and efficiency benefits for organisations. It also brings cyber security benefits and cyber security issues. Different types Cloud computing is a very broad term. It can refer to lots of different ways of organising computers on the internet to do work. Three broad service types for cloud computing are:
Nov 1, 2015 - Web shells can be used to leverage unauthorised access and can lead to wider network compromise. This advisory outlines the threat and provides prevention, detection and mitigation strategies for administrators of web servers that have active content languages installed.