Data Collection To Support the STRA for FAM

[ArogeG]

Describe the task The MISO recommends that we conduct a preliminary STRA for FAM to support a faster completion and approval of FAM's STRA. This will require the following

• FAM Architectural diagram

• FAM Deployment diagram

• Data collection in relation to the following security standards/framework:

1. STRIDE/NIST
2. ISO 27000 (To be confirmed)
3. OCIO Defensible security checklist

Acceptance Criteria

• [ ] STRA should be templated to meet OCIO/Ministry standards https://app.zenhub.com/files/486378283/9b4d6c7a-056c-484e-8ede-4a2041a6db7a/download https://app.zenhub.com/files/486378283/f60e27f9-f6e4-4f9b-8a6b-be1caf864528/download

https://app.zenhub.com/files/486378283/40de0ecb-b7df-49de-8f72-611587697394/download

https://app.zenhub.com/files/486378283/e96fe6ef-662f-49e2-bbc9-00c55db52a05/download

• [ ] second
• [ ] third

Additional context Here is the email from the BCSC Security team with the requirements for STRA, SOAR and other tasks.https://app.zenhub.com/files/486378283/c76b1bd4-b8a1-4e3b-aaa4-6118022aab89/download

[webgismd]

For WAVA istore requests we can go through Lucas and the NRIDs TIER 3 team to request.

[basilv]

Use STRIDE or NIST, not both. Unclear if ISO is separately needed or an option. OCIO checklist is required as well.

[gormless87]

Closing as draft STRA has been prepared by contract resources.

WAVA completed.