Canadian Centre for Cyber Security
Protected B High Value Assets (PBHVA) Assessment
Overview
The Canadian Centre for Cyber Security (CCCS) is Canada’s authoritative source of cyber security expert guidance for the Canadian government, industry, and the public. Public and commercial sector organizations across Canada rely on the CCCS’s rigorous assessments of cloud service providers in their decision to use Amazon Web Services (AWS).
The Protected B High Value Asset (PBHVA) overlay seeks to enhance the integrity and availability of customer organizational workloads that are considered to have an increased level of sensitivity. These are systems which the Government of Canada (GC) uses to support the delivery services at a national scale or are determined to be significant solutions handling sensitive information. The overlay is a set of 117 controls from the ITSG-33 security control catalogue (as of January 2024), which augment the security safeguards to enhance integrity and availability.
On a periodic basis, CCCS assesses new or previously unassessed services and re-assesses the AWS services that were previously assessed to verify that they continue to adhere to the GC requirements. CCCS prioritizes the assessment of new AWS services based on their availability in Canada as well as by customer demand.
FAQs
-
Why is PBHVA Assessment important to customers?
The Canadian Centre for Cyber Security (CCCS) PBHVA Assessment Process is a mandatory requirement for CSPs to provide cloud services to Canadian federal government departments and agencies, including under Shared Services Canada’s (SSC) upcoming IaaS / PaaS procurement vehicle.
-
What is the basis of PBHVA Assessment?
The overlay is a set of 117 controls (as of January 2024) which augment the security safeguards to enhance integrity and availability. The controls are selected from ITSG-33 – IT Security Risk Management: A Lifecycle Approach, Annex 3A – Security Control Catalogue.
-
What services are covered by the PBHVA Assessment?
As of October 4, 2024, there are a total of 149 AWS services which were assessed by CCCS under PBHVA assessment criteria. Refer to the Services in Scope page.
-
Which Regions are covered in the PBHVA Assessment scope?
The assessment covers services and features available in both Canada (Central) and Canada West (Calgary) Regions.
-
Can I get a copy of the PBHVA Assessment Summary for AWS?
Yes. The summary report is available on AWS Artifact. AWS Artifact is a self-service portal for on-demand access to AWS compliance reports. Sign in to AWS Artifact in the AWS Management Console, or learn more at Getting Started with AWS Artifact.
