The new CyberSecure Canada Certification Standard has been released for a while now and it's a major step forward in cybersecurity standards in Canada. This new standard replaces the old Baseline Cyber Security Controls for Small and Medium Organizations V1.2, and it introduces a number of important changes along with a new control area.
The new standard is based on a number of cybersecurity controls designed to provide organizations with the framework and guidance they need to manage and minimize their cybersecurity risks.
The new standard has more audited control areas compared to the previous 13. The audited control areas now consist of leadership, cybersecurity training, incident response plan, automatically patch operating systems and applications, enabling security software, securely configuring devices, using strong user authentication, backup and encrypting data, establishing basic perimeter defenses, implementing access control and authorization, secure mobility, secure cloud and outsourced IT services, secure websites, secure portable media, point of sale and financial systems, and the brand new control area on computer security log management.
The new standard includes many of the previous control area requirements with minor changes. It is also now broken down into Level 1 and Level 2.
- Level 1 is for organizations that are just starting their cybersecurity journey and their knowledge in the field would be considered entry-level. Organizations looking to implement only level 1 requirements will not be audited or granted CyberSecure Canada Certification.
- Level 2 requirements build from level 1 and are the requirements for organizations looking to become CyberSecure Canada Certified.
Overall, the new standard has made some great improvements to the existing baseline controls, and it provides organizations with the framework and guidance they need to manage & minimize their cyber risks. With the help of this new standard, and Cyber Security Canada along the way, organizations can feel confident that their systems and networks are more secure, and can protect their valuable data and assets from unauthorized access, misuse and potential cyber-attacks.
Any organizations that started working with Cyber Security Canada and signed the audit agreement before Jan 1st, 2023 will be audited against the previous standard until re-certification in two years. These organizations can also choose to be audited against the new standard. Organizations who begin the certification process now will be audited against the new standard.
To get started on your CyberSecure Canada journey, reach out via our contact us page and we’d be happy to help. In addition, you can download the whole document here.