🇨🇦🍁 Government of Canada Announces First Phase of Canadian Program for Cyber Security Certification 💻🔒

Wednesday, 19 March 2025 12:00.PM

- Protecting Canada's defence supply chains -

The Government of Canada is committed to implementing robust cyber security measures, which are fundamental to Canada's economic stability and national security. The Canadian defence industry faces regular cyberattacks aimed at contractors and subcontractors, putting unclassified federal information at risk. It's essential for Canada to take action to protect these critical supply chains.

The Honourable Jean-Yves Duclos, Minister of Public Services and Procurement and Quebec Lieutenant, announced the first phase in the implementation of the Canadian Program for Cyber Security Certification (CPCSC). In March 2025, the CPCSC will establish a cyber security standard for companies that handle sensitive unclassified government information in defence contracting.

The implementation of the CPCSC will be phased-in gradually, allowing companies to adapt their operations to meet new requirements. The first phase will involve releasing a new Canadian industrial cyber security standard, opening the accreditation process, and introducing a self assessment tool for level 1 certification. This will help businesses understand the program before a wider rollout later in 2025.

During the initial phases, certification will not be required during the bidding process, rather, only when the contract is awarded. The phased approach is designed to strengthen the resilience and security of Canada's defence supply chains, giving both the government and businesses the necessary time and resources to adapt to evolving cyber security standards.

"Cyber security is national security and threats are evermore intricate and in a state of constant change. In defence procurement, cyber incidents can jeopardize the safety of unclassified federal information. To address this, we are thrilled to launch the first phase of the Canadian Program for Cyber Security Certification. We are committed to safeguarding the integrity of the defence sector and we look forward to working with businesses to ensure robust cybersecurity practices."
- The Honourable Jean-Yves Duclos, Minister of Public Services and Procurement and Quebec Lieutenant

Quick facts

• The Canadian Program for Cyber Security Certification ecosystem is a structured framework comprising 3 levels. The program ensures that cyber security certification in Canada is handled by accredited bodies, certified assessors and government oversight. It aligns with international standards while also supporting national security initiatives.

• The program's mandatory cyber security certification requirements will be made up of 3 levels:
  •   level 1: requiring an annual cyber security self-assessment
  •   level 2: requiring external cyber security assessments, led by an accredited certification body
  •   level 3: requiring cyber security assessments conducted by National Defence

• Key milestones in the Canadian Program for Cyber Security Certification rollout will include:
  •   Phase 1 (March 2025): A new cyber security standard for levels 1 and 2 will be available for businesses with a level 1 self-assessment tool to be launched by full program implementation. The Standards Council of Canada will start accepting applications from organizations that want to become certification bodies to support the evaluation and certification of standard compliance. Support systems will be set up to help businesses get level 2 certification through third-party assessments.
  •   Phase 2 (fall 2025): Some defence contracts will require level 1 certification, achieved through a self-assessment. Level 2 certification, which is achieved through a third-party assessment, will be tested in certain defence contracts.
  •   Phase 3 (spring 2026): While some defence contracts will start requiring level 2 certification, level 3 certification will officially begin following publication of the additional level 3 controls.
  •   Phase 4 (2027): For a small number of contracts, level 3 certification requirements will gradually be incorporated into select defence requests for proposals. Level 3 certification will be conducted by National Defence.

• Engagement sessions with the defence industry and other key stakeholders will continue to take place.

• The Government of Canada is committed to supporting the country's growing cyber security sector, particularly within the realm of defence procurement.

SOURCE: Public Services and Procurement Canada

Related materials:
• 06-Dec-2025 12:00 PM   💻📱🖥️Canadian Government CIOs Urged to Reassess IT Priorities Amid Leadership Shifts, Says Info-Tech Research Group
• 06-Dec-2025 08:00 AM   🇨🇦🍁💵 Strengthening Trade: Canada Launches Electronic Export Certificates to Support Grain Exports to Mexico 🌾
• 04-Dec-2025 04:09 PM   💻 Paperpal Crosses 3 Million Users, Strengthening Global Footprint as a Trusted AI Academic Writing and Research Assistant
• 19-Aug-2025 04:33 PM   🧑🔎💻 61% of Cybersecurity Professionals Plan AI Adoption as Manufacturing Faces Growing Cyber Risks 💵
• 19-Aug-2025 10:11 AM   🧑🔎💻 Majority of Canadian Workers areOoptimistic About AI but aren't Ready 🖱️👆
• 16-Jul-2025 10:27 AM   🇨🇦🍁💵 Government of Canada Announces Support for Over 9,700 Leading Researchers and Projects Nationwide
• 15-Jul-2025 04:07 PM   ⚕️💻 Clinicians Reclaim Over 500 Hours Weekly with Heidi Health's AI-Powered Clinical Scribe
• 14-Jul-2025 02:35 PM   👩‍💻💵 Quantum Era Risks Put Future-Proof Cybersecurity on Every Investor's Radar
• 12-Jul-2025 04:48 PM   💻📱🖥️ AI Systems Are Advancing Faster Than Risk Controls, Warns Info-Tech Research Group in New Risk Management Resource
• 11-Jul-2025 12:00 PM   🇨🇦🍁🚀 Canada Reaffirms Longstanding Space Collaboration with Japan