Certification requirements are CyberSecure Canada's security control areas for small and medium-sized organizations as developed in coordination with the Canadian Centre for Cyber Security.
There are 13 security control areas that small and medium-sized organizations must implement in order to achieve certification under the CyberSecure Canada program.
All organizations are eligible for certification. However, the program's cybersecurity measures are designed with small and medium-sized organizations in mind. Larger or more complex organizations should consider a more robust cybersecurity certification.
What are the 13 certification requirements?
The 13 security control areas include a wide-range of widely accepted cybersecurity industry best practices:
- Develop an incident response plan
- Automatically patch all content
- Configure devices securely
- Enable security software
- Implement strong user authentication
- Provide employee training
- Backup and encrypt data
- Secure mobility
- Establish perimeter defences
- Secure outsourced IT services
- Secure websites
- Implement access control and authorization
- Secure portable media
- Date modified: