Communications Security Establishment Canada

"Your mobile device provides a convenient and flexible way to work anywhere or at anytime. While mobile devices play a vital role in the day-to-day operations of organizations and agencies, their use can also pose a threat to information and networks. Mobile devices are attractive targets that...

This document is part of a suite of documents that focus on each of the top 10 IT security actions recommended in ITSM.10.189 Top 10 IT Security Actions to Protect Internet Connected Networks and Information [1]. While implementing all 10 of the recommended security actions can reduce your...

The following content was created prior to the creation of the Canadian Centre for Cyber Security by one of the entities that became part of the Cyber Centre. This content remains relevant to current discussions about cyber security.

There is growing awareness of the risks posed by potentially vulnerable or shaped technologies that may be entering the Government of Canada (GC) communications networks and information technology infrastructure through the supply chain.

"Several meetings involving an ad-hoc group of federal government departments occurred in April-May 2008 around an emerging national security issue relating to the vulnerability of the supply chain for Government of Canada telecommunications equipment and services. In addition to the threat of...

The following content was created prior to the creation of the Canadian Centre for Cyber Security by one of the entities that became part of the Cyber Centre. This content remains relevant to current discussions about cyber security.

The information in this publication identifies and describes acceptable security protocols and their appropriate methods of use to ensure continued protection of UNCLASSIFIED, PROTECTED A, and PROTECTED B information.

The information in this publication identifies and describes approved cryptographic algorithms and appropriate methods of use to protect the confidentiality of PROTECTED A and PROTECTED B information and the integrity of information to the medium injury level as defined in CSE’s ITSG-33 IT...

This bulletin is in support of the Treasury Board of Canada Secretariat (TBS) Information Technology Policy Implementation Notice 2014-01 (ITPIN: 2014-01). The notice, released in May 2014, describes the risks posed by, and the possible mitigations for, removable media devices that are used to...

Make sure you know how to use them safely to keep that data secure.

This document is part of a suite of documents developed by the Cyber Centre to help secure cloud-based services and supports the cloud security risk management approach defined in ITSM.50.062 Cloud Security Risk Management.

The Canadian Centre for Cyber Security (Cyber Centre) is aware of the ongoing malicious cyber activity targeting information technology (IT) managed service providers (MSPs) and has been providing advice and guidance to Canada-based MSPs and Canadian businesses who use MSP services.

"Cloud computing has the potential to provide your organization with flexible, on-demand, scalable, and self-service information technology (IT) provisioning. To deliver this potential, it is imperative that we address the security and privacy dimensions of cloud computing. Cryptography is one of...

This document is part of a suite of documents that the Cyber Centre has developed to help secure cloud-based services. Security categorization, the selection of a security control profile, and the selection of a cloud deployment model and a cloud service model are the first three steps of the...

To enable the adoption of cloud computing, the Government of Canada (GC) developed an integrated risk management approach to establish cloud-based services. ITSM.50.062 outlines this approach which can be applied to all cloud based services independently of the cloud service and deployment models.

The purpose of this document is to describe CCCS’s Cloud Service Provider (CSP) Information Technology Security (ITS) Assessment Program. The objective of the CSP ITS Assessment Program is to assist Government of Canada (GC) departments and agencies in their evaluation of CSP services being...

"In This Edition Recent Approval of Two New Standards Recent Discussion on Physical Security Future Meeting Agendas September and December Contact Us "

"In This Edition Recent Approval of Two New Standards Recent Discussion on CEO Material Future Meeting Agendas May and September Contact Us "

This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States. It highlights technical approaches to uncovering malicious activity and includes mitigation steps...

On 11 March 2020, the World Health Organization (WHO) officially declared the novel coronavirus disease 2019 (COVID-19) a global pandemic. In a previous Cyber Threat Bulletin, we assessed that cyber threat actors have taken advantage of this context to conduct a range of cyber threat activities....