Information Security Registered Assessors Program

ASD Certified Cloud Services

ASD has awarded ASD Certification to the listed cloud service providers for specified cloud services. ASD has issued the providers with the following:

  • A Certification Letter outlining the details of the certification and describing the conditions of holding certification and when re-certification may be triggered.
  • A Certification Report which provides customers with an overview of the security aspects which should be considered prior to accreditation.

Australian Government agencies procuring these services are advised to request the ASD Certification Letter and Certification Report from the cloud service provider, and consider the ASD advice prior to awarding accreditation.

IRAP Security Assessments and ASD Certification are based on the Australian Government Information Security Manual. Australian Government agencies should review the ASD Cloud Computing Security documents, which describe security risk mitigations associated with cloud computing. In addition, Australian Government agencies must perform due diligence reviews of the legal, financial and privacy risks associated with procuring cloud services (which this certification does not include).

Related information

ASD Certified Cloud Services List (CCSL)

ASD broadly uses the US National Institute of Standards and Technology (NIST) cloud computing definition (PDF), which defines three service models for cloud computing. However, we will also include cloud computing services that have alternative billing models to those described by NIST.

Cloud provider Cloud service Classification level
Amazon Web Services EBS, EC2, S3 and VPC Unclassified DLM
Macquarie Telecom GovZone (LAUNCH) Unclassified DLM
Microsoft Azure Unclassified DLM
Microsoft Dynamics CRM Online Unclassified DLM
Microsoft Office 365 Unclassified DLM
Salesforce PaaS, SaaS Unclassified DLM
Sliced Tech IaaS Unclassified DLM
Vault Systems IaaS Unclassified DLM

Last updated June 2016.

Many cloud providers are currently going through ASD's certification process. If your organisation is considering a cloud service that is not on this list, please contact us.