Towards a framework for trustworthy data security level agreement in cloud procurement
Computers & Security (IF 5.6), Pub Date: 2021-04-20, DOI: 10.1016/j.cose.2021.102266
Yudhistira Nugraha, Andrew Martin

After the post-Snowden upheavals, there is a growing concern about preserving the confidentiality of sensitive data across government agencies when using global cloud service providers, such as Amazon Web Services and Microsoft Azure. The use of certification schemes is becoming more critical to assure the security of services offered. This situation is problematic because many certification schemes aim to demonstrate compliance with a security standard, rather than achieve a specified security level. Despite the benefits of security certification schemes like Common Criteria (CC), an assurance-based certification process does not scale well to service provision. To this end, this paper aims to investigate the concept of system assurance and trustworthiness in service provisioning, especially when government agencies procure cloud-based services. By using work on the Indonesian Government's data confidentiality requirements, this work develops principles as foundations for a trustworthy data security level agreement (TDSLA) capability framework as a new assurance mechanism for service provisioning based on discrete levels of security assurance incorporated into the formulation of a service level agreement (SLA). The principles which have emerged from the empirical qualitative data collection were evaluated and validated using three approaches, namely: 1) reflection against related work; 2) testimonial validity through participants' feedback; 3) use cases; and 4) application of transferability using cases from the UK Government Cloud (G-Cloud) and the US Federal Risk and Authorization Management Program (FedRAMP). The TDSLA capability framework can form the basis for constructing a legal language in contracts or SLAs.




Updated: 2021-04-20