Certification eligibility
All organizations are eligible for certification. The program's cybersecurity measures are primarily designed for small and medium-sized organizations (SMOs).
Certification requirements
Organizations must implement all the security control areas of the CyberSecure Canada program. They were developed by the Canadian Centre for Cyber Security in partnership with the CyberSecure Canada program, you can be review and download them on their webpage.
What are the security control areas?
- Develop an incident response plan
- Automatically patch operating systems and applications
- Enable security software
- Securely configure devices
- Use strong user authentication
- Provide employee awareness training
- Backup and encrypt data
- Secure mobility
- Establish basic perimeter defences
- Secure outsourced cloud and IT services
- Secure websites
- Implement access control and authorization
- Secure portable media
These security control areas reflect industry-accepted cybersecurity best practices.
How do you get certified?

Improve cybersecurity knowledge
Access the free eLearning series
Learn more about each of the cybersecurity control areas and receive a certificate of completion.
Download templates and how-to guides
Access the templates and how-to guides for download on our certification tools webpage.

Understand certification requirements
Implement security control areas
All security control areas must be implemented.

Register in the Cybersecure Canada portal
Register in the CyberSecure Canada portal to:
Complete the cyber certification readiness survey.
Connect with an accredited certification body.
Request an audit.
Track your certification progress.

Pass the audit
Achieve certification!
Valid for 2 years.
Display CyberSecure Canada decals and digital certification mark.
Be included in our directory of organizations awarded the CyberSecure Canada certification!