
Government of Canada Enterprise Architecture Review Board Exemption Request Presentation
"Seeking exemption from the GC EARB deadline for Secure Web Connections implementation. Details departmental HTTPS initiative, risks, and supporting documentation required for the request."
Presentation Transcript
UNCLASSIFIED / NON CLASSIFIÉ
Presenter Template
Government of Canada Enterprise Architecture Review Board (GC EARB)
Department Project Name (Date)
Presentation for: Endorsement / Information / X Exemption
EARB Appearance: X Initial / Follow-up / Final
Contact Information:
Architecture Presenter(s):
- Name / Email / Phone #
- Name / Email / Phone #
GC Docs #31758070
Last Updated June 7, 2019

Purpose of GC EARB Session
The purpose of this presentation is to seek an exemption from GC EARB related to the deadline for ITPIN 2018-01, Implementing HTTPS for Secure Web Connections.

Exemption Request
- Short synopsis of the relevant background activities to date
- Tell us which Business Capability you are supporting with this request. (Please refer to these links for the list of Business Capabilities and their definitions: https://gcconnex.gc.ca/file/group/21723432/all#33721386 / https://gcconnex.gc.ca/file/download/50303099)
- Provide summary details on your departmental HTTPS initiative:
  - Provide the total # domains managed (per HTTPS Dashboard) / % HTTPS vs. not HTTPS
  - Include a link to your organization's listing in the HTTPS Dashboard
  - Sr. Exec responsible (named OPI for HTTPS)
  - Confirmation that risk of not securing sites is acknowledged and accepted by dept authority (CIO / DG resp. for HTTPS)
- Briefly describe the technical problems with the current situation
  - How current systems fail to achieve departmental requirements.
- Describe the opportunity that the Department needs to leverage.
- Include details of the hosting infrastructure (e.g.: location, versions, upgrade plans, dependencies, etc.)
- Details re: supporting documentation required on next slide
Note: You may insert more pages if required. Please remove these guidance words once you complete this page.

Supporting documentation (slide to be removed)
Supporting documentation is required with your exemption request:
- Domain list w/ current configured sites separate from domains requiring an exemption
  - Recommended to build off CSV downloadable from the HTTPS Dashboard
  - Full list required to provide context
- Per domain rationale details required:
  - H/M/L priority (Asset importance to business operations)
  - # visitors monthly
  - Reason for non-compliance
  - Target date for compliance
  - IT org responsible for implementation (e.g.: dept. IT, SSC, other)
  - HTTPS solution (i.e.: Web server vs. proxy secured)

Risks & Mitigations
Identify the 3 most important Risks related to HTTPS activities.
- Risk 1: Prob. H/M/L; Impact H/M/L; Mitigations:
- Risk 2: Prob. H/M/L; Impact H/M/L; Mitigations:
- Risk 3: Prob. H/M/L; Impact H/M/L; Mitigations:
Risk Governance
- Departmental Risk Governance Bodies: Identify the most Senior Governance body responsible for the management of risk, and implementation of security solutions
- Risk Owner: Identify the risk owner with authority to accept the risk of non-compliance
- Technical Service Provider: Identify the Technical sponsor responsible for services to mitigate the risk of non-compliance

APPENDIX: Shared Services Canada (SSC) Involvement
SSC Scope
- What is the scope of work required by Shared Services Canada?
- When/How has SSC been involved in this project?
- What SSC Services are to be impacted or consumed? http://service.ssc-spc.gc.ca/en/services
- Include due dates for SSC deliverables.
- What are the dependencies and assumptions? (ex: authentication, cloud connectivity. If legacy Data Centre, which one, and has capacity been confirmed?)
SSC Internal Governance
- Presentation title: Please include Presentation title, committee and date of presentation (or rationale for not going through governance)
- Governance Committees: Committee DD/MM/YY; Committee DD/MM/YY
SSC Contact
- SSC BR number (if available): BR Number
- SSC Client Executive contact: Name/Title
- SSC project contact: Name/Title
- SSC architecture contact: Name/Title (if available)
For help in completing this slide, feel free to contact your Client Executive: http://service.ssc-spc.gc.ca/en/contact/partclisupport/client-execs