Govt agencies authorise Australian scale-up under CAAF

AUCloud has become the first Cloud Service Provider to secure Phase 2 “Authority to Operate” under the Australian Cyber Security Centre (ACSC) Cloud Assessment and Authorisation Framework (CAAF).

The Digital Transformation Agency (DTA) and other agencies have separately formally confirmed that the company’s offering meets the stringent requirements for delivering protected cloud services.

Designed to protect government data from cybersecurity threats, the CAAF was mandated in July 2020 and developed through extensive industry-wide consultation. It requires detailed information on the ownership and overseas operational access across all data types (metadata, support and analytics data) and not simply customer data.

• Phase 1 Assessment by an IRAP assessor provides CSPs Cloud Security Fundamentals and Cloud Services Assessment artefacts that enable a Cloud Consumer’s (typically a Government Agency) risk assessment.
• Phase 2 Authorisation is the agency specific risk assessment stage, requiring the Authorising Officer within the government agency to issue an Authority to Operate for the specific cloud services in the manner outlined.
• Phase 2 essentially ensures the CSP funded IRAP assessment meets the risk profile of the cloud services adopted by individual agencies.
   

AUCloud Managing Director Phil Dawson said that by focusing on data — including the risks of transmission to global support centres and access by unknown or unvetted personnel — CAAF ensures that Australia has a diligent cloud risk assessment and accreditation process equal to other governments across the world.

“The CAAF is already delivering on its objectives, not only to maintain best practice security standards and related controls but to accelerate uptake of cloud services across government by leveraging the work undertaken by early adopter agencies and to expand market access for authorised SaaS services.

AUCloud has many Australian SME partners who, by deploying their SaaS services on AUCloud, are now accelerating their Phase 1 “Assessment” process, making Australian innovation easier and less risky for government to deploy.

“Coupled with the ability of government agencies to now leverage the Authorisation work undertaken by DTA and other agencies, broader adoption of similar services across government will be fast-tracked,” Dawson said.

Image credit: ©stock.adobe.com/au/freshidea