ACSC adds Rackspace DHE to Certified Cloud Services List (IRAP)

The Australian Cyber Security Centre has added the Rackspace Dedicated Hosting Environment (DHE) to the Certified Cloud Services List (CCSL) for unclassified workloads, increasing the options available to Australian Government agencies.

The Rackspace DHE joins providers on the CCSL that meet stringent Australian Government security requirements for managing information storage at the minimum Australian Government security standard, Unclassified.

‘We applied our rigorous assessment process to check Rackspace DHE’s ability to meet the expected security standards,’ Acting Head of the ACSC, Lynn Moore, said.

‘The Rackspace DHE environment in Australia consists of three data halls in Sydney. Data hall 140 meets the required physical security for hosting Unclassified DLM data and is the recommended data hall for Commonwealth entities to use,’ Ms Moore said.

The Rackspace DHE environment provides customers with a dedicated virtualised or physical compute Infrastructure as a Service (IaaS) or Platform as a Service (PaaS). This offers a variety of options for Australian Government entities including:

  • Compute
  • Storage
  • Networking
  • Databases

Increasing choice for Australian Government organisations

The CCSL certification process is based on principles and policies defined in Australia’s Protective Security Policy Framework (PSPF) and Information Security Manual (ISM).

‘If an agency’s security and risk needs can be met with a cloud certified to Unclassified DLM, this increases their choices in meeting their business objectives,’ Ms Moore said.

Rackspace DHE sought entry into the certification program for hosting data classified up to Unclassified DLM. Because of this, Rackspace DHE was only assessed for this purpose.

‘It’s important to remember that third-party solutions built on ACSC Certified Cloud Services do not automatically inherit ACSC certification, but must be listed separately on the CCSL,’ Ms Moore said.

‘The ACSC does not assess third-party solutions and therefore cannot confirm if their security meets Australian Government standards.’

The ACSC recommends that organisations considering third-party solutions built on ACSC certified cloud services perform their own independent security assessment, certification and accreditation activities to determine if the solution or service meets their business and security needs.

The ACSC Certification Report for the Rackspace DHE details the residual risks, non-compliance with the ISM, mitigations, and guidance for Australian organisations considering using the company’s services. A copy of the report can be requested from Rackspace.

More information about Certified Cloud Services can be found here: https://acsc.gov.au/infosec/irap/certified_clouds.htm

IRAP ENQUIRIES

Australian Cyber Security Centre: asd.assist@defence.gov.au