ASD's Blueprint for Secure Cloud

Communication Infrastructure

This page provides a template and guidance to assist organisations in documenting their approach to managing communications infrastructure associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

Instruction

The communications infrastructure section of a System Security Plan (SSP) should document an organisation’s approach to managing communications infrastructure, such as cabling. As with other sections of the SSP, information in the communications infrastructure section should be documented according to the relevant controls outlined in ASD’s ISM and the SSP Annex.

All template text refers to a typical implementation of a system built using the Blueprint, and includes reference to organisational policies, processes and technical configurations to be implemented in addition to the technical controls that may be configured using guidance in the Blueprint. Any implementation implied by the below should not be considered as prescriptive as to how organisations must scope, build, document, or assess a system.

When completing the below template, organisations should insert and update information where relevant to ensure it accurately represents the approach to communications infrastructure within their organisation. When complete, remove any instructional boxes throughout.

Blueprint guidance

The Blueprint does not cover management of communications infrastructure and the below template therefore excludes communications infrastructure from the documented scope.

Where organisations decide to implement communications infrastructure within the boundary of their system, they are responsible for assessing and documenting risk and applicability of each associated security control, and describing the implementation of these controls below.

As <ORGANISATION-NAME>’s approach to implementing controls related to communications infrastructure is consistent across all controls addressed within this section, it does not delve into subsections but rather addresses the controls as a group. This approach is consistent with ASD’s Guidelines for Communications Infrastructure.

Applicability

ISM controls relating to communications infrastructure are not applicable to <SYSTEM-NAME> as direct management of these physical facilities or systems are not within its system boundary. <SYSTEM-NAME> relies on the implementation of relevant controls from the following system assessments:

ORG-NETWORKING-SYSTEM
ORG-IDENTITY-SYSTEM

As such the requirements of this section are not directly applicable for this SSP.

<INSERT ADDITIONAL INFORMATION AS APPROPRIATE>

Organisational policies and processes implemented

If and when the management of communications infrastructure is considered as part of <ORGANISATION-NAME>’s management of <SYSTEM-NAME>, <ORGANISATION-NAME> will assess and implement appropriate controls in relation to <SYSTEM-NAME> at that time.

<INSERT ADDITIONAL INFORMATION AS APPROPRIATE>