Govt agencies authorise Australian scale-up under CAAF

AUCloud

Thursday, 02 September, 2021
Govt agencies authorise Australian scale-up under CAAF

AUCloud has become the first Cloud Service Provider to secure Phase 2 “Authority to Operate” under the Australian Cyber Security Centre (ACSC) Cloud Assessment and Authorisation Framework (CAAF).

The Digital Transformation Agency (DTA) and other agencies have separately formally confirmed that the company’s offering meets the stringent requirements for delivering protected cloud services.

Designed to protect government data from cybersecurity threats, the CAAF was mandated in July 2020 and developed through extensive industry-wide consultation. It requires detailed information on the ownership and overseas operational access across all data types (metadata, support and analytics data) and not simply customer data.

  • Phase 1 Assessment by an IRAP assessor provides CSPs Cloud Security Fundamentals and Cloud Services Assessment artefacts that enable a Cloud Consumer’s (typically a Government Agency) risk assessment.
  • Phase 2 Authorisation is the agency specific risk assessment stage, requiring the Authorising Officer within the government agency to issue an Authority to Operate for the specific cloud services in the manner outlined.
  • Phase 2 essentially ensures the CSP funded IRAP assessment meets the risk profile of the cloud services adopted by individual agencies.
     

AUCloud Managing Director Phil Dawson said that by focusing on data — including the risks of transmission to global support centres and access by unknown or unvetted personnel — CAAF ensures that Australia has a diligent cloud risk assessment and accreditation process equal to other governments across the world.

“The CAAF is already delivering on its objectives, not only to maintain best practice security standards and related controls but to accelerate uptake of cloud services across government by leveraging the work undertaken by early adopter agencies and to expand market access for authorised SaaS services.

AUCloud has many Australian SME partners who, by deploying their SaaS services on AUCloud, are now accelerating their Phase 1 “Assessment” process, making Australian innovation easier and less risky for government to deploy.

“Coupled with the ability of government agencies to now leverage the Authorisation work undertaken by DTA and other agencies, broader adoption of similar services across government will be fast-tracked,” Dawson said.

Image credit: ©stock.adobe.com/au/freshidea

Related News

Good evidence confuses ChatGPT when used for health information: study

A world-first study by CSIRO has found that when asked a health-related question, the more...

CSIRO report maps sovereign capability to build 'foundational' AI tech

CSIRO's report on AI foundation models provides an overview of the fast-moving global...

Nuix confident that lack of diversity in AI can be remedied

Tapping into different talent pools and building diverse teams provides the solution to lack of...

Content from other channels on our network

Future Made in Australia Act welcomed by climate orgs

An interconnected ASEAN Power Grid: report

What Australia thinks about the energy transition

Call for improved train lighting to save lives

Foiling hackers in the smart home era

What factors influence hospital staff retention?

Hospital uses AI model to improve physician–nurse collaboration

Finalists announced for 2024 HESTA Australian Nursing & Midwifery Awards

GenesisCare expands with $35m Northern Beaches cancer centre

In Conversation with Royal Women's Hospital CEO Sue Matthews

The fire on Marley's Hill

Sanctions on Hytera halted by appeals court

MXene-based compound to enable 3D-printed antennas

Long-range drones used to surveil bushfires in NSW

Luxembourg DoD adds satcom ground infrastructure

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd