Cyber Security Canada Blogs
As a leading provider of cybersecurity services and solutions, we understand the unique challenges faced by businesses operating in Canada’s digital economy. Our team of experienced practitioners and certified auditors share their knowledge and lessons learned to help you strengthen your cyber resilience. Whether you are looking to achieve CyberSecure Canada certification or simply improve your security posture, our blog provides the information and resources you need. Learn more about us.
Compliance Opens Doors: 3 Reasons Being Certified Wins or Loses You Contracts
Compliance Opens Doors: What Certification Really Means for Your Business You bid on the contract. Your pricing was sharp, your team was ready, and your track record spoke for itself. Then the RFP came back with a line you weren’t prepared for: compliance. Prove you can protect our data. It’s happening more and more. Across […]
The Evolution of Cyber Security Tools: How They Support CPCSC Compliance in Canadian Enterprises
From binders and spreadsheets to purpose-built compliance engines — how Canadian organizations are finally getting the tools they need to meet ITSP.10.171 By Victor Beitner · Cyber Security Canada · April 29, 2026 · CPCSC ITSP.10.171 Compliance Canada’s cyber security compliance landscape has changed dramatically over the past decade. What began as a collection of broadly worded government guidance […]
Cyber Security Canada Announces Pursuit of CMMC Third-Party Assessor Organization (C3PAO) Authorization to Serve Global Defense Industrial Base
Petawawa, Ontario – December 9, 2025 – Cyber Security Canada, a leading provider of cybersecurity compliance and assessment services with a deep specialization in Canadian government and international standards, including CAN/DGSI 104 and ISO 27001, announced it is in the advanced stages of the authorization process to become a Certified Third-Party Assessor Organization (C3PAO) under […]
Implementing DMARC, DKIM, and SPF: Control Requirement 5.7.3.7
Email remains a primary tool for communication within organizations and with external stakeholders. However, it is also a common target for cyber threats such as phishing, spoofing, and spam. To mitigate these risks, the CAN/DGSI 104:2021 Rev 1 2024 standard includes Control Requirement 5.7.3.7, which mandates the implementation of DMARC, DKIM, and SPF on all […]
Network Segmentation for Public and Corporate Networks: Control Requirement 5.7.3.6
Protecting corporate IT resources from potential threats is paramount. One of the controls outlined in the CAN/DGSI 104:2021 Rev 1 2024 standard is Control Requirement 5.7.3.6. This requirement mandates that organizations segment their networks to ensure that networks provided to the public or customers are separated (and/or isolated) from the corporate networks. This blog will […]
Ensuring Secure Wi-Fi Connectivity: Control Requirement 5.7.3.5
In today’s interconnected world, secure Wi-Fi connectivity is essential for protecting corporate IT resources and sensitive data. Control Requirement 5.7.3.5 from the CAN/DGSI 104:2021 Rev 1 2024 standard mandates the use of secure Wi-Fi protocols, specifically WPA2-AES, and preferably WPA2-Enterprise or WPA3-Enterprise, along with proper password configuration as outlined in section 5.5. This requirement is […]
VPN Connectivity with Multi-Factor Authentication: Control Requirement 5.7.3.4
Control Requirement 5.7.3.4 from the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the necessity for encrypted connectivity and VPN access with multi-factor authentication (MFA) for remote access to corporate networks. This requirement is crucial for maintaining the integrity and security of sensitive data. Understanding Encrypted Connectivity Encryption is the process of converting data into a […]
Control Requirement 5.7.3.3: Activating Software Firewalls for Enhanced Device Security
Protecting individual devices within an organization’s network is just as important as securing the network itself. Control requirement 5.7.3.3 from the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the need to activate software firewalls on devices. This practice is essential for maintaining the security and integrity of your network and its endpoints. Why Activating Software Firewalls […]
Control Requirement 5.7.3.2: Implementing DNS Firewalls for Enhanced Security
Control requirement 5.7.3.2 from the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the need to implement a DNS firewall for outbound DNS requests to the Internet. This practice is essential for maintaining the security and integrity of your network. Why DNS Firewalls Matter DNS firewalls play a vital role in network security for several reasons: […]
Control Requirement 5.7.3.1: Implementing Firewalls for Enhanced Network Security
Control requirement 5.7.3.1 from the CAN/DGSI 104:2021 Rev 1 2024 standard highlights the need to place a firewall between two perimeters to control the amount and kinds of traffic that can pass between them. This is key to maintaining the security and integrity of your data and systems. Why Firewalls Matter Firewalls are crucial for […]
Control Requirement 5.6.2.8: Ensuring Integrity of Backup and Restoration Processes
Ensuring the integrity of backup and restoration processes is paramount. Control requirement 5.6.2.8 from the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the necessity of using a sampling of backup data to test and verify recovery procedures at regular intervals. This practice is crucial for maintaining the reliability and security of an organization’s data. The Importance […]
Control Requirement 5.6.2.7: Ensuring Security and Integrity of Critical Backups
Data is one of the most valuable assets for any organization. Ensuring the security and integrity of critical backups is not just a best practice but a necessity. Control requirement 5.6.2.7 from the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the importance of regularly testing these backups to verify their reliability, accessibility, and uncompromised state. Why […]
Control Requirement 5.6.2.6: Ensuring Data Integrity with Non-Modifiable Backup Files
Maintaining data integrity is crucial for any organization, and one way to achieve this is by ensuring that backup files are not modifiable. Control requirement 5.6.2.6 from the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the importance of protecting backup files from modifications to preserve the integrity of the data. Let’s explore why this is […]
Control Requirement 5.6.2.5: The Importance of Encrypted Backups
When it comes to protecting your organization’s data, encryption is a key component. Control requirement 5.6.2.5 from the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the need to use encrypted backups with securely stored and recoverable key material. This ensures that your data remains protected and accessible only to authorized personnel. Let’s explore why this […]
Control Requirement 5.6.2.4: The Importance of Offsite Backup Storage
When it comes to protecting your organization’s data, having a robust backup strategy is essential. Control requirement 5.6.2.4 from the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the need to store backups at a fully offsite location at regular intervals. This practice ensures diversity in the event of a disaster, such as a fire, flood, […]
Control Requirement 5.6.2.3: Ensuring Effective Backup and Recovery for Essential Business Information
Backing up systems that contain essential business information is crucial for maintaining operational continuity and protecting sensitive data. Control requirement 5.6.2.3 from the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the need to not only back up these systems but also ensure that recovery mechanisms can effectively and efficiently restore them from backups. Let’s explore […]
Control Requirement 5.6.2.2: Tailoring Backup Strategies for Different Systems
When it comes to backing up systems, a one-size-fits-all approach doesn’t work. Control requirement 5.6.2.2 from the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the need to determine on a case-by-case basis what systems to back up and at what frequency. This ensures that each system’s unique backup and recovery requirements are met effectively. Why Tailored […]
Control Requirement 5.6.2.1: Identifying and Managing Essential Business Information
Managing business information effectively is crucial for the smooth functioning of any organization. Control requirement 5.6.2.1 from the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the need to determine what business information and software are essential to your operations and how frequently this information changes. Let’s explore why this is important and how to implement […]
Control Requirement 5.5.3.1: Why Your Organization Needs a Password Manager
Managing passwords securely is more important than ever. Control requirement 5.5.3.1 from the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the need for organizations to implement a password manager. Let’s explore why this is crucial and how it can benefit your organization. The Importance of a Password Manager A password manager is a tool that helps users […]
Control Requirement 5.5.2.3: Crafting Strong Password Policies
Passwords are the first line of defense in protecting your organization’s sensitive data. Control requirement 5.5.2.3 of the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the need for clear policies on password length and reuse, the use of password managers, and guidelines for physically writing down and securely storing passwords. Let’s dive into why these […]
Enforcing Password Changes on Suspicion of Compromise: Control Requirement 5.5.2.2
Control requirement 5.5.2.2 of the CAN/DGSI 104:2021 Rev 1 2024 Standard emphasizes the need for organizations to enforce password changes on suspicion or evidence of compromise. But did you know that changing passwords regularly is no longer considered a best practice? Let’s dive into why this is the case and how to implement smarter password […]
Control Requirement 5.5.2.1: Why Multi-Factor Authentication Matters
Control requirement 5.5.2.1 of the CAN/DGSI 104:2021 standard highlights the need to implement MFA or document any instances where MFA cannot be implemented. Here’s a breakdown of what this means and how to get started. Why Multi-Factor Authentication is Important MFA adds an extra layer of security by requiring users to provide two or more verification factors […]
Control Requirement 5.4.2.1: Implementing Secure Configurations for Enhanced Device Security
Securing organizational devices is paramount to protecting sensitive data and maintaining operational integrity. Control requirement 5.4.2.1 of the CAN/DGSI 104:2021 Rev 1 2024 standard outlines essential steps for implementing secure configurations across all devices. This blog explores the importance of these measures and provides practical guidance on how to achieve them. The Importance of Secure Configurations Secure […]
Implementing Anti-Malware Solutions (Control Requirement 5.3.2.1)
Cybersecurity is a critical concern for organizations. One essential aspect of maintaining a secure environment is implementing effective anti-malware solutions. Control requirement 5.3.2.1 of the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the need for organizations to enable anti-malware solutions that update automatically and prevent malware from executing. This blog post will explore the importance […]
Performing Risk Assessments for Automatic Patching Compliance (Control Requirement 5.2.2.3)
Staying ahead of potential threats is crucial for any organization. The CAN/DGSI 104:2021 Rev 1 2024 standard provides a comprehensive framework to enhance cybersecurity measures. One important aspect of this standard is control requirement 5.2.2.3, which mandates organizations to perform a risk assessment to determine whether to replace systems incapable of automatic patching. Understanding Control Requirement […]
Control Requirement 5.2.2.2: Enabling Automatic Patching for Enhanced Security
Control requirement 5.2.2.2 of the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the importance of enabling automatic patching for all software and hardware to protect organizational assets from vulnerabilities. The Importance of Automatic Patching Automatic patching is a proactive measure that ensures software and hardware are consistently updated with the latest security patches. This practice is crucial […]
Control Requirement 5.2.2.1: The Importance of Up-to-Date Security Patches
Maintaining up-to-date security patches for all software and hardware is a fundamental aspect of protecting an organization’s assets from known vulnerabilities. Control requirement 5.2.2.1 of the CAN/DGSI 104:2021 Rev 1 2024 Standard underscores the necessity of this practice, highlighting its role in a robust cyber security strategy. Why Up-to-Date Security Patches are Crucial Security patches are updates […]
Control Requirement 5.1.2.4: The Importance of Cyber Security Insurance
Control requirement 5.1.2.4 of the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the need for organizations to consider purchasing a cyber security insurance policy that includes coverage for incident response and recovery activities. This blog explores the importance of such insurance and provides guidance on how to approach this requirement. Why Consider Cyber Security Insurance? Cyber security […]
Ensuring Effective Incident Response: Control Requirement 5.1.2.2
Having a clear and robust incident response plan is crucial for any organization. Control requirement 5.1.2.2 of the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the importance of detailing responsibilities and communication mechanisms during an incident response. Let’s dive into what this entails and why it’s essential. Who is Responsible? The incident response plan must clearly outline […]
Control Requirement 5.1.2.1: Crafting an Effective Incident Response Plan
Having a robust incident response plan is essential for any organization. Control requirement 5.1.2.1 underscores the importance of being prepared to respond to various types of incidents with varying levels of severity. This requirement ensures that organizations are not only ready to handle incidents internally but also have a plan in place for situations where […]
Workforce Documentation: Attesting to Employee Numbers for Control Requirement 4.4.3.10
The CAN/DGSI 104:2021 Rev 1 2024 standard provides a comprehensive framework for organizations to enhance their cybersecurity posture. One critical aspect of this standard is control requirement 4.4.3.10, which focuses on documenting the workforce that has access to the organization’s data. What is Control Requirement 4.4.3.10? Control requirement 4.4.3.10 mandates that organizations must provide documentation […]
Control Requirement 4.4.3.9: Ensuring Cyber Security Effectiveness Through Periodic Reviews and Testing
Maintaining the effectiveness of cyber security controls is crucial for any organization. Control requirement 4.4.3.9 of the CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the need for periodic reviews and testing of these controls to ensure they remain robust and effective. What is Control Requirement 4.4.3.9? Control requirement 4.4.3.9 mandates that organizations periodically review and/or test their […]
Understanding Control Requirement 4.4.3.8: Implementing Foundational Cyber Security Controls
Cyber security is critical for organizations of all types and sizes. One critical aspect of maintaining robust cyber security is adhering to established standards and requirements. Control requirement 4.4.3.8 emphasizes the importance of implementing foundational or baseline cyber security controls. What is Control Requirement 4.4.3.8? Control requirement 4.4.3.8 mandates that, regardless of the outcomes from […]
Determining Triggers and Thresholds for Cyber Security Risk Assessments (Control Requirement 4.4.3.7)
Staying proactive is key to protecting your organization’s digital assets. The CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the importance of determining triggers and thresholds for conducting new or updating existing cyber security risk assessments. Control requirement 4.4.3.7 highlights the need for organizations to establish clear criteria for when these assessments should be performed. Let’s […]
Committing to Continuous Improvement in Cyber Security (Control Requirement 4.4.3.6)
Staying ahead of potential cyber risks requires a commitment to continuous improvement. The CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes this by mandating that organizations commit to progressive improvements in their cyber security practices. Control requirement 4.4.3.6 highlights the need for ongoing enhancements to ensure that cyber security measures remain effective and up-to-date. Let’s explore […]
Understanding Cyber Security Staffing Levels: A Key to Organizational Resilience (Control Requirement 4.4.3.5)
Having the right team in place to manage cyber security is crucial for any organization. The CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the importance of identifying internal staffing levels for cyber security. Control requirement 4.4.3.5 mandates that organizations identify their cyber security staffing both as raw numbers and as a percentage of total staff. […]
Understanding Cyber Security Investment: A Key to Organizational Resilience (Control Requirement 4.4.3.4)
Investing in cyber security is not just a necessity but a strategic imperative for organizations. The CAN/DGSI 104: 2021 / Rev 1: 2024 standard emphasizes the importance of identifying financial spending levels for cyber security investment. Control requirement 4.4.3.4 mandates that organizations must identify their cyber security spending both as raw numbers and as a […]
Documenting and Authorizing Cyber Security Risks: A Key Responsibility for Senior Officials (Control Requirement 4.4.3.3)
The CAN/DGSI 104:2021 Rev 1 2024 standard highlights the importance of documenting and authorizing cyber security risks. Control requirement 4.4.3.3 says that these risks must be documented and approved by a senior official in the organization. Let’s break down why this is important and how it can help your organization. Understanding Inherent and Residual Risks Inherent risks […]
Strengthening Cyber Security: The Role of Senior Leadership in Risk Assessment and Control Implementation (Control Requirement 4.4.3.1)
The role of senior leadership in overseeing and managing an organization’s cyber security is paramount. The CAN/DGSI 104:2021 Rev 1 2024 standard highlights this by mandating that a member of the senior-level leadership team be appointed to conduct cyber security risk assessments and coordinate the implementation of cyber security controls. Let’s delve into the key […]
The Importance of Conducting a Cyber Security Risk Assessment (Control Requirement 4.4.2.1)
Conducting a cyber security risk assessment is a fundamental step in identifying, understanding, and managing the risks associated with cyber threats. The CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes this by mandating that organizations conduct a cyber security risk assessment as outlined in control requirement 4.4.2.1, also referring to Annex B of the standard. Let’s […]
Ensuring Continuous Cyber Security Awareness: The Importance of Documentation (Control Requirement 4.3.3.1)
Maintaining a high level of cyber security awareness among employees is crucial. The CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes the need for organizations to provide regular and ongoing cyber security awareness and training. Control requirement 4.3.3.1 specifically mandates that organizations document these efforts. Let’s explore why this documentation is essential and how it can […]
Providing Employees with Essential Cyber Security Training: Insights from Control Requirement 4.3.2.1
Employees are the first line of defense against cyber threats. Ensuring that they are well-trained in basic security practices is crucial for maintaining the integrity and security of an organization’s data. The CAN/DGSI 104:2021 Rev 1 2024 standard emphasizes this by outlining specific training requirements under control requirement 4.3.2.1. Let’s explore these key practices and […]
The Role of Senior Leadership in Cyber Security: Insights from Control Requirement 4.2.2.1
The role of senior leadership in overseeing and being accountable for an organization’s cyber security cannot be overstated. The CAN/DGSI 104:2021 Rev 1 2024 standard underscores this by mandating that top management appoint a member of the senior-level leadership team to take charge of the organization’s cyber security efforts. Let’s dive into the key responsibilities […]
The Crucial Role of Top Management in Cyber Security
Management in Cybersecurity – it’s not just an IT issue. It’s a critical business concern that requires the attention and commitment of top management. The CAN/DGSI 104:2021 Rev 1 2024 (CyberSecure Canada) standard emphasizes this by outlining specific responsibilities for top management. This is under control requirement 4.1.2.1. Let’s explore how top management can demonstrate […]
Story from Shay – How she got in the cyber industry
My name is Shaylah and I’m a recent graduate working for Cyber Security Canada as a Cybersecurity Practitioner. I have an undergraduate degree in a different field and a diploma in cybersecurity with several industry certifications. Cybersecurity is a vital field because our lives increasingly revolve around technology. Even if you threw away all of your […]
Story from Renee – How she got in the cyber industry
My Journey into the Cybersecurity Industry My name is Renee, and I want to share my unique journey into the cybersecurity industry. It’s a story of unexpected turns, challenges, and ultimately, finding my passion in a field I never initially considered. The Unexpected Start In high school, thanks to Mr. Gaunce, I was deeply interested […]
Cyber Security Canada announces Partnership with Edwards Performance Solutions
Cyber Security Canada and Edwards Performance Solutions Announce a Partnership to Offer CMMC/CPCSC Services in Canada May 24, 2024 — Cyber Security Canada (CSC) and Edwards Performance Solutions (Edwards) are pleased to announce their partnership aimed at providing comprehensive Cybersecurity Maturity Model Certification (CMMC) and the Canadian Program for Cybersecurity Certification (CPCSC) services to organizations […]
Why a Cyber Incident Response Plan is Critical to Your Company
Why a Cyber Incident Response Plan is Critical to Your Company Introduction In today’s digital age, cybersecurity threats are on the rise. From data breaches to ransomware attacks, no company is immune to the potential risks of a cyber incident. That’s why it’s crucial for every organization to have a comprehensive cyber incident response plan […]
Our team of experienced cybersecurity practitioners is here to help your organization assess risks, identify vulnerabilities and implement the right security controls. From penetration testing and security audits to incident response planning and employee training, we offer a suite of cybersecurity services to strengthen your cyber resilience. Whether you need guidance achieving compliance with standards like CAN/CIOSC 104 or developing a comprehensive cybersecurity roadmap, our experts provide the strategic advice and hands-on support to protect your business. We take the time to understand your unique needs and tailor our approach to maximize the return on your cybersecurity investments.
