All organizations are eligible for certification. The program's cybersecurity measures are primarily designed for small and medium-sized organizations (SMOs).
To be eligible for certification your organization must implement the security controls in the National Standard CAN/CIOSC 104:2021 Baseline cyber security controls for small and medium organizations.
What are the security control areas?
- Cyber Security Training
- Cyber Security Risk Assessment
- Incident response plan
- Automatically patch operating systems and applications
- Enable security software
- Securely configure devices
- Use strong user authentication
- Backup and encrypt data
- Secure mobility
- Establish basic perimeter defences
- Secure outsourced cloud and IT services
- Secure websites
- Implement access control and authorization
- Secure portable media
- Point of Sale (POS) and Financial Systems
- Computer Security Log Management
These security control areas reflect industry-accepted cybersecurity best practices.
How do you get certified?
Register in the CyberSecure Canada portal to:
Complete the cyber certification readiness survey.
Connect with an accredited certification body.
Request an audit.
Track your certification progress.