Certification eligibility
All organizations are eligible for certification. The program's cybersecurity measures are primarily designed for small and medium-sized organizations (SMOs).
Certification requirements
To be eligible for certification your organization must implement the security controls in the National Standard CAN/CIOSC 104:2021 Baseline cyber security controls for small and medium organizations.
What are the security control areas?
- Leadership
- Accountability
- Cyber Security Training
- Cyber Security Risk Assessment
- Incident response plan
- Automatically patch operating systems and applications
- Enable security software
- Securely configure devices
- Use strong user authentication
- Backup and encrypt data
- Secure mobility
- Establish basic perimeter defences
- Secure outsourced cloud and IT services
- Secure websites
- Implement access control and authorization
- Secure portable media
- Point of Sale (POS) and Financial Systems
- Computer Security Log Management
These security control areas reflect industry-accepted cybersecurity best practices.
How do you get certified?

Improve cybersecurity knowledge
Access the free eLearning series
Learn more about each of the cybersecurity control areas and receive a certificate of completion.
Download templates and how-to guides
Access the templates and how-to guides for download on our certification tools webpage.

Understand certification requirements
Implement security control areas
All security control areas must be implemented.

Register in the Cybersecure Canada portal
Register in the CyberSecure Canada portal to:
Complete the cyber certification readiness survey.
Connect with an accredited certification body.
Request an audit.
Track your certification progress.

Pass the audit
Achieve certification!
Valid for 2 years.
Display CyberSecure Canada decals and digital certification mark.
Be included in our directory of organizations awarded the CyberSecure Canada certification!