Communications Security Establishment Canada

"The Canadian Centre for Cyber Security has warned that foreign actors will likely try to interfere in Canadian election processes. If you’re involved in politics – as a political candidate, staffer or volunteer – you are a target. It’s vital that you take steps to protect yourself. The Cyber...

Assessing possible risk before using social media platforms and apps

"The COMSEC Installation Planning – Guidance and Criteria (ITSG-11) has been superseded by Emission Security (EMSEC) Guidance (ITSG-11A) February 2016 which is a Protected publication, issued under the authority of the Chief, Communications Security Establishment (CSE). To access, or obtain, a...

"With today’s dynamic threat environment and Government of Canada (GC) fiscal constraints, information technology (IT) security can no longer be an afterthought, but rather needs to be a vital component in both departmental and IT project plans. IT security risks can result in exposure of...

"In our highly connected digital society, Canadians and Canadian organizations rely on the Internet for both personal and professional activities. It is in this context that we assess cyber threats to Canadian individuals, businesses, and critical infrastructure, including government. Cyber...

With today’s dynamic threat environment and Government of Canada (GC) fiscal constraints, information technology (IT) security can no longer be an afterthought, but rather needs to be a vital component in both your departmental and IT project plans. With that in mind, the ITSG-33 publication has...

One of our top 10 recommended IT security actions is to patch operating systems and applications. This document outlines several best practices for patching.

The information provided in this document is intended to assist in the mitigation of threats associated with a Wireless Local Area Network (WLAN) deployment by offering security advice to be used during the high-level design phase.

When you work in the office, you benefit from the security measures that your organization has in place to protect its networks, systems, devices, and information from cyber threats. Working remotely provides flexibility and convenience. However, remote work can weaken your organization’s...

This guideline is intended to assist network architects and security practitioners with the appropriate placement of services (for example, domain name service, email service, and web proxy service) into network security zones.

This document presents the Canadian Centre for Cyber Security baseline cyber security controls wherein we attempt to apply the 80/20 rule (achieve 80% of the benefit from 20% of the effort) to the cyber security practices of small and medium organizations in Canada.

Mobile devices have spread rapidly across the Government of Canada (GC) corporate enterprise and while they boost productivity and efficiency, they significantly increase the risk of a compromise to sensitive information. To help mitigate this threat, Communications Security Establishment...

If you’re someone who is in a high-profile position, such as a politician or a senior executive, you need to protect the security of your mobile devices when you travel. Mobile devices contain sensitive information and they are high-value targets for cyber threat actors. If your device or the...

This bulletin aims to describe the risks posed by, and possible mitigations for, the exposure of classified IT systems to wireless signals and mobile devices that are not authorized to connect to those systems. The intended audience for this bulletin includes those responsible for IT security...

Telework is a flexible and convenient work arrangement that allows you to work outside of the traditional office environment. By remotely connecting to your organization’s network, you can continue to use applications and access information as though you were in the office.

The ITSP.40.006 v2 IT Media Sanitization publication contains guidance for IT Security for Practitioners and other IT security authorities to help reduce the risk of exploitation of residual data on IT equipment with electronic memory and/or data storage media. This guidance applies to data at...

Information Technology Security Guidance for Practitioners ITSP.30.031 V3 supersedes ITSP.30.031 V2 User Authentication Guidance for IT Systems and provides guidance on user authentication in IT systems. ITSP.30.031 V3 is also part of a suite of documents developed by CSE to help secure GC...

"This document is intended for elections authorities. It introduces common threats to Canada’s electoral processes and provides guidance on protecting the systems and the people involved in these processes. The guidance in this document is based on information gathered from various sources and is...

"This cyber security playbook guides elections authorities on anticipating, mitigating, and responding to threats that are specific to Canada’s democratic processes. This playbook introduces baseline cyber security measures and best practices that you can implement to improve your organization’s...

This document describes common concepts relevant to discussions about cyber threat activity in the Canadian context and acts as a point of reference for Canadian Centre for Cyber Security (Cyber Centre) publications. This introductory document provides baseline knowledge about the cyber threat...