Interactive · Free

Are you ready for CPCSC Level 1?

Thirteen yes / no questions, two minutes, no email required. We'll score your readiness against the 13 baseline controls behind the Canadian Program for Cyber Security Certification (CPCSC) Level 1 — the cyber- hygiene self-assessment, drawn from the Cyber Centre's ITSP.10.171, that defence suppliers must complete to hold contracts handling certain sensitive, unclassified federal information. New to the program? Start with our plain-language CPCSC Level 1 explainer.

  1. 1 Do you control system accounts — creating them deliberately, reviewing them, and promptly disabling access when someone leaves or changes role? (Access Control)
  2. 2 Do you verify users and devices before granting access, using multi-factor authentication wherever you can? (Identification & Authentication)
  3. 3 Do you monitor and control your network boundary — a properly configured firewall between your internal systems and the internet? (System & Communications Protection)
  4. 4 Do you identify and fix system flaws by applying security patches in a timely way? (System & Information Integrity)
  5. 5 Do you run and keep current malicious-code protection — antivirus, anti-malware, or EDR — across your systems? (System & Information Integrity)
  6. 6 Do you limit each user to only the systems and information their role actually requires? (Access Control)
  7. 7 Do you control connections from external systems — personal devices, partner networks, public Wi-Fi — to systems that hold sensitive information? (Access Control)
  8. 8 Does every user and device have its own unique identifier, with no shared or generic logins? (Identification & Authentication)
  9. 9 Do you manage passwords and other authenticators properly — strong, changed from defaults, and protected from disclosure? (Identification & Authentication)
  10. 10 Do you securely wipe or destroy storage media — drives, USB sticks, old computers, paper — before disposal or reuse? (Media Protection)
  11. 11 Do you limit physical access to systems, equipment, and facilities to authorized people? (Physical Protection)
  12. 12 Do you control what gets posted to publicly accessible systems — your website, social media, shared drives — so sensitive information is not exposed? (Access Control)
  13. 13 Do you apply security safeguards to remote and home-office work, not just the main office? (Physical Protection)

Need to close the gaps before your self-assessment?

Book a no-obligation consultation and our Compliance & Risk Advisory team will help you implement the ITSP.10.171 controls behind CPCSC Level 1 — and put the evidence in place to back up your self-assessment.

Talk to our team