Open Government Portal

This document summarizes the steps required to enable release of COMSEC material to the private sector and is based on the CSE Directive for the Control of COMSEC Material in the Canadian Private Sector (ITSD-06A).

o The Canadian Centre for Cyber Security
o Meltdown and Spectre
o Trending Topic: Cloud Benefits
o COMSEC Update
o Assemblyline
o CSE in the Community: Hackergal
o ITSLC News

The information in this publication identifies and describes approved cryptographic algorithms and appropriate methods of use to protect the confidentiality of PROTECTED A and PROTECTED B information and the integrity of information to the medium injury level as defined in CSE’s ITSG-33 IT Security Risk Management: A Lifecycle Approach [6].

The purpose of this Alert is to provide Government of Canada (GC) COMSEC accounts with procedures for zeroization and handling of Key Storage Devices (KSD-64).

ITSP.70.012 Guidance for Hardening Microsoft Windows 10 Enterprise is an UNCLASSIFIED publication, issued under the authority of the Chief, Communications Security Establishment (CSE). Suggestions for amendments should be forwarded to the Canadian Centre for Cyber Security’s Contact Centre.

Calculating Robustness for Boundary Controls is an UNCLASSIFIED publication, issued under the authority of the Chief, Communications Security Establishment (CSE). Suggestions for amendments should be forwarded to the Canadian Centre for Cyber Security’s (CCCS) Contact Centre.

With today’s dynamic threat environment and Government of Canada (GC) fiscal constraints, information technology (IT) security can no longer be an afterthought, but rather needs to be a vital component in both your departmental and IT project plans. With that in mind, the ITSG-33 publication has been developed to help government departments ensure security is considered right from the start. By following the principles within this publication, you not only help ensure predictability and cost-effectiveness, you also help ensure that there are no hidden surprises preventing you from obtaining authority to operate and maintaining continued authorization.

The Information Technology Security Guidance for Purchasing CSEC-Approved Cryptographic Equipment from the United States Government (ITSG-26) provides instructions and guidance on the purchase of Communications Security Establishment Canada (CSEC)-approved cryptographic equipment available from the United States (U.S.) via Foreign Military Sales (FMS) and Direct Sales (DS).

"The Communications Security Establishment (CSE) plays a vital role in detecting and defending against cyber threats to the Government of Canada (GC). These threats are persistent, sophisticated, and continually evolving – as are CSE’s Information Technology (IT) security publications. CSE’s publications are tools that GC departments can use to improve their security posture against cyber threats. CSE’s publications address IT security topics that departments should consider and highlight measures that organizations should implement to bolster their IT security posture.

"Patching operating systems and applications is one of the Top 10 Security Actions in CSE’s Top 10 IT Security Actions to Protect Government of Canada Internet-Connected Networks and Information (ITSB-89 Version 3). Implementing the Top 10 security actions as a package would prevent the vast majority of intrusions to which CSE currently responds.

Applying patches to operating systems, applications and devices is a critical activity in ensuring the security of systems. This document provides guidance on assessing known vulnerabilities and patches in order to determine the risk posed to an organization, the relative priority for patch deployment, as well as guidelines on how to deploy patches."