Amazon Web Services’ (AWS) Identity and Access Management (IAM) service has been added to the government’s Certified Cloud Services List (CCSL).
The CCSL is maintained by the Australian Signals Directorate (ASD). Services on the list have been subject to an IRAP security assessment based on the government’s Information Security Manual, making it easier for federal government agencies to adopt them.
Amazon and Microsoft were the first two providers to join the CCSL when it launched in 2015. AWS’ S3 and EBS storage services, EC2 compute service, and Virtual Private Cloud services are all on the list.
Most services currently on the list have been certified for use with unclassified but sensitive information. However, in March services from Sliced Tech and Vault Systems were certified for use with information classified at the PROTECTED level.
(The government has four categories for information requiring security classification: PROTECTED, CONFIDENTIAL, SECRET and TOP SECRET.)
Prime Minister Malcolm Turnbull announced earlier this week that as part of a national security shakeup, the ASD will be transformed into a statutory authority sitting within the government’s Defence portfolio.
The centrepiece of Turnbull’s announcement was the creation of a so-called ‘super ministry’ covering immigration, domestic security and law enforcement.
The PM also revealed that the government planned to give the Australian Cyber Security Centre “24/7 capability to respond to serious cyber incidents”.