The Australian Signals Directorate has expanded its list of certified cloud services for use by government departments and agencies.
The ASD has added infrastructure-as-a-service (IaaS) offerings from Australian companies Sliced Tech and Vault Systems to the Certified Cloud Services List (CCSL).
The initial CCSL was released in April, initially comprising Microsoft's Azure and Office 365 services and Amazon Web Services' EBS, EC2, S3 and Virtual Private Cloud services.
Cloud services must be IRAP certified to be added to the list.
The list is intended to help smooth government agencies and departments' transition to the cloud.
"The CCSL has been developed to mitigate concerns from government that the security risks of using cloud services may not be easily identified," an ASD spokesperson told Computerworld Australia shortly after the list's launch.
"As the certification authority, ASD will provide a baseline understanding of how a cloud service provider approaches these risks using ASD's and industry's experience."
The CCSL was released as part of the ASD's update to the Information Security Manual..
Services listed so far added to the CCSL have been certified for use
with so-called Unclassified - Dissemination Limiting Markers (DLM)
information (data that is not classified but may be sensitive and is not
intended for public release).
The updated ISM and CCSL release took place in the context of the government's shift towards a "cloud-first" policy.
The federal government in October last year released an updated cloud policy that stated when obtaining new IT services or replacing existing services, agencies should adopt cloud services if they are "fit for purpose, provides adequate protection of data and delivers value for money".
"Data shows there has been only modest use of cloud services by government agencies to date," the policy stated