Get started

Certification eligibility

All organizations are eligible for certification. The program's cybersecurity measures are primarily designed for small and medium-sized organizations (SMOs).

Certification requirements

Organizations must implement all the security control areas of the CyberSecure Canada program. They were developed by the Canadian Centre for Cyber Security in partnership with the CyberSecure Canada program, you can be review and download them on their webpage.

What are the security control areas?

  • Develop an incident response plan
  • Automatically patch operating systems and applications
  • Enable security software
  • Securely configure devices
  • Use strong user authentication
  • Provide employee awareness training
  • Backup and encrypt data
  • Secure mobility
  • Establish basic perimeter defences
  • Secure outsourced cloud and IT services
  • Secure websites
  • Implement access control and authorization
  • Secure portable media

These security control areas reflect industry-accepted cybersecurity best practices.

How do you get certified?

Improve cybersecurity knowledge

Access the free eLearning series

Learn more about each of the cybersecurity control areas and receive a certificate of completion.

Download templates and how-to guides

Access the templates and how-to guides for download on our certification tools webpage.


Understand certification requirements

Implement security control areas

All security control areas must be implemented.

Register in the Cybersecure Canada portal

Register in the CyberSecure Canada portal to:

Complete the cyber certification readiness survey.

Connect with an accredited certification body.

Request an audit.

Track your certification progress.

Pass the audit

Achieve certification!

Valid for 2 years.

Display CyberSecure Canada decals and digital certification mark.

Be included in our directory of organizations awarded the CyberSecure Canada certification!