Get started

Certification eligibility

All organizations are eligible for certification. The program's cybersecurity measures are primarily designed for small and medium-sized organizations (SMOs).

Certification requirements

To be eligible for certification your organization must implement the security controls in the National Standard CAN/CIOSC 104:2021 Baseline cyber security controls for small and medium organizations.

What are the security control areas?

  • Leadership
  • Accountability
  • Cyber Security Training
  • Cyber Security Risk Assessment
  • Incident response plan
  • Automatically patch operating systems and applications
  • Enable security software
  • Securely configure devices
  • Use strong user authentication
  • Backup and encrypt data
  • Secure mobility
  • Establish basic perimeter defences
  • Secure outsourced cloud and IT services
  • Secure websites
  • Implement access control and authorization
  • Secure portable media
  • Point of Sale (POS) and Financial Systems
  • Computer Security Log Management

These security control areas reflect industry-accepted cybersecurity best practices.

How do you get certified?

Improve cybersecurity knowledge

Access the free eLearning series

Learn more about each of the cybersecurity control areas and receive a certificate of completion.

Download templates and how-to guides

Access the templates and how-to guides for download on our certification tools webpage.


Understand certification requirements

Implement security control areas

All security control areas must be implemented.

Register in the Cybersecure Canada portal

Register in the CyberSecure Canada portal to:

Complete the cyber certification readiness survey.

Connect with an accredited certification body.

Request an audit.

Track your certification progress.

Pass the audit

Achieve certification!

Valid for 2 years.

Display CyberSecure Canada decals and digital certification mark.

Be included in our directory of organizations awarded the CyberSecure Canada certification!