The engagement is to provide and deploy a whole-of-government Cloud Access and Security Broker (CASB) solution and associated services to the ACT Government Shared Services Division.

Shared Services includes the office of the Chief Information Security Officer (CISO), who has authority under the ACT Protective Security Policy Framework to:
* Centrally coordinate all responses to cyber security incidents, managed by the ICT Security Operation team; and
* Provide strategic cyber security advice to Directorates and Agencies, managed by the Cyber Strategy and Governance team.

As part of its mandate, the Cyber Strategy and Governance team has developed a Cloud Security Strategy to deliver a whole-of-government service providing:
* Visibility of cloud services in use;
* Security risk advice on cloud services; and
* Security controls to ensure control, integrity and confidentiality of Territory is retained.

The Cloud Security Strategy identifies the need for a CASB as the key enabling technology for this service.
The solution must align with the Shared Services vision for a system that:
* provides visibility of cloud usage to ICT Security, Shared Services and ACT Government directorates;
* provides detailed, accurate and up to date information about cloud service risk parameters;
* provides fully configurable security risk and compliance management tools;
* enables enforcement of ICT security policy on cloud services in alignment with the ICT Security policy;
* alerts users to suspicious behaviour in cloud services;
* enables forensic investigation of security incidents in cloud services; and
* streamlines risk-aware cloud procurement.