Communications Security Establishment Canada

There is growing awareness of the risks posed by potentially vulnerable or shaped technologies that may be entering the Government of Canada (GC) communications networks and information technology infrastructure through the supply chain.

"Several meetings involving an ad-hoc group of federal government departments occurred in April-May 2008 around an emerging national security issue relating to the vulnerability of the supply chain for Government of Canada telecommunications equipment and services. In addition to the threat of...

The following content was created prior to the creation of the Canadian Centre for Cyber Security by one of the entities that became part of the Cyber Centre. This content remains relevant to current discussions about cyber security.

The information in this publication identifies and describes acceptable security protocols and their appropriate methods of use to ensure continued protection of UNCLASSIFIED, PROTECTED A, and PROTECTED B information.

The information in this publication identifies and describes approved cryptographic algorithms and appropriate methods of use to protect the confidentiality of PROTECTED A and PROTECTED B information and the integrity of information to the medium injury level as defined in CSE’s ITSG-33 IT...

This bulletin is in support of the Treasury Board of Canada Secretariat (TBS) Information Technology Policy Implementation Notice 2014-01 (ITPIN: 2014-01). The notice, released in May 2014, describes the risks posed by, and the possible mitigations for, removable media devices that are used to...

This document is part of a suite of documents developed by the Cyber Centre to help secure cloud-based services and supports the cloud security risk management approach defined in ITSM.50.062 Cloud Security Risk Management.

The Canadian Centre for Cyber Security (Cyber Centre) is aware of the ongoing malicious cyber activity targeting information technology (IT) managed service providers (MSPs) and has been providing advice and guidance to Canada-based MSPs and Canadian businesses who use MSP services.

"Cloud computing has the potential to provide your organization with flexible, on-demand, scalable, and self-service information technology (IT) provisioning. To deliver this potential, it is imperative that we address the security and privacy dimensions of cloud computing. Cryptography is one of...

This document is part of a suite of documents that the Cyber Centre has developed to help secure cloud-based services. Security categorization, the selection of a security control profile, and the selection of a cloud deployment model and a cloud service model are the first three steps of the...

To enable the adoption of cloud computing, the Government of Canada (GC) developed an integrated risk management approach to establish cloud-based services. ITSM.50.062 outlines this approach which can be applied to all cloud based services independently of the cloud service and deployment models.

The purpose of this document is to describe CCCS’s Cloud Service Provider (CSP) Information Technology Security (ITS) Assessment Program. The objective of the CSP ITS Assessment Program is to assist Government of Canada (GC) departments and agencies in their evaluation of CSP services being...

"In This Edition Recent Approval of Two New Standards Recent Discussion on Physical Security Future Meeting Agendas September and December Contact Us "

"In This Edition Recent Approval of Two New Standards Recent Discussion on CEO Material Future Meeting Agendas May and September Contact Us "

This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States. It highlights technical approaches to uncovering malicious activity and includes mitigation steps...

On 11 March 2020, the World Health Organization (WHO) officially declared the novel coronavirus disease 2019 (COVID-19) a global pandemic. In a previous Cyber Threat Bulletin, we assessed that cyber threat actors have taken advantage of this context to conduct a range of cyber threat activities....

The purpose of this Information Note is to provide best practices and highlight security considerations when subscribing to services offered by managed service providers.

The purpose of this Information Note is to draw attention Doppelganger Campaigns and Wire Transfer Fraud.

The purpose of this Information Note is to draw attention to the top 10 IT security actions as recommended by CSE.

Government of Canada Announces New National Cyber Security Strategy and the Creation of the Canadian Centre for Cyber Security