CyberSecure Canada: CAN/CIOSC 104-2021
CyberSecure Canada allows Canadian small and medium businesses to obtain government-recognized certification attesting that they follow a baseline of cybersecurity good practices defined in national standard CAN/CIOSC 104-2021.
The 13 baseline controls
Standard CAN/CIOSC 104-2021 covers thirteen baseline domains: security policy, training, firewall, antivirus, backups, encryption, password management, access control, patching, incident response and more.
Certification is voluntary but valued in supply chains and federal procurement.
Difference from CPCSC
CyberSecure Canada targets SMBs across all sectors with a generalist baseline. CPCSC (Canadian Program for Cyber Security Certification) addresses defence suppliers specifically and builds on ITSP.10.171, a significantly higher requirement level.