Language selection


Certification requirements

From: Innovation, Science and Economic Development Canada

Certification requirements are CyberSecure Canada's security control areas for small and medium-sized organizations as developed in coordination with the Canadian Centre for Cyber Security.

There are 13 security control areas that small and medium-sized organizations must implement in order to achieve certification under the CyberSecure Canada program.

Certification eligibility

All organizations are eligible for certification. However, the program's cybersecurity measures are designed with small and medium-sized organizations in mind. Larger or more complex organizations should consider a more robust cybersecurity certification.

What are the 13 certification requirements?

The 13 security control areas include a wide-range of widely accepted cybersecurity industry best practices:

  1. Develop an incident response plan
  2. Automatically patch all content
  3. Configure devices securely
  4. Enable security software
  5. Implement strong user authentication
  6. Provide employee training
  7. Backup and encrypt data
  8. Secure mobility
  9. Establish perimeter defences
  10. Secure outsourced IT services
  11. Secure websites
  12. Implement access control and authorization
  13. Secure portable media
Date modified: