This repository will provide the tools required to validate the minimum guardrails for the GC Cloud Operationalization Framework for IBM Cloud
The following tables contains the list of Cloud Guardrails You can also reach the IBM Cloud - Government of Canada Guardrail Accelerator here: IBM Cloud Accelerator
Guardrail | Description | Enforcement | Link |
---|---|---|---|
01 Protect Root / Global Admins Account | Protect root or master account used to establish the cloud service. | Doc | link |
02 Management of Administrative Privileges | Establish access control policies and procedures for management of administrative privileges | Doc | link |
03 Cloud Console Access | Limit access to GC managed devices and authorized users. | Doc | link |
04 Enterprise Monitoring Accounts | Create role-based account to enable enterprise monitoring and visibility. | Rego | link |
05 Data Location | Establish policies to restrict GC sensitive workloads to approved geographic locations. | Rego | link |
06 Protection of Data-At-Rest | Protect data at rest by default (e.g. storage) for cloud-based workloads. | Doc | link |
07 Protection of Data-In-Transit | Protect data transiting networks through the use of appropriate encryption and network safeguards. | Doc | link |
08 Segment and Separate | Segment and separate information based on sensitivity of information. | Rego | link |
09 Network Security Services | Establish external and internal network perimeters and monitor network traffic. | Rego | Link |
10 Cyber Defence Services | Establish MOU for defensive services and threat monitoring protection services. | MOU | |
11 Logging and Monitoring | Enable logging for the cloud environment and for cloud-based workloads. | Rego | Link |
12 Configuration of Cloud Marketplaces | Configuration of Cloud Market Places | Rego | Link |