Open Government Portal

ITSP.70.012 Guidance for Hardening Microsoft Windows 10 Enterprise is an UNCLASSIFIED publication, issued under the authority of the Chief, Communications Security Establishment (CSE). Suggestions for amendments should be forwarded to the Canadian Centre for Cyber Security’s Contact Centre.

"The COMSEC Installation Planning – Guidance and Criteria (ITSG-11) has been superseded by Emission Security (EMSEC) Guidance (ITSG-11A) February 2016 which is a Protected publication, issued under the authority of the Chief, Communications Security Establishment (CSE).

To access, or obtain, a copy of the publication, please visit the COMSEC User Portal (CUP) at: https://comsecportal.cse-cst.gc.ca, or contact your departmental COMSEC Custodian."

The Top 10 Information Technology (IT) Security Actions to Protect Internet-Connected Networks and Information (ITSM.10.189) is based on the Canadian Centre for Cyber Security (CCCS) analysis of cyber threat activity trends and their impact on Internet-connected networks. Organizations that implement these recommendations will address many vulnerabilities and counter most current cyber threats.

The purpose of this document is to describe CCCS’s Cloud Service Provider (CSP) Information Technology Security (ITS) Assessment Program. The objective of the CSP ITS Assessment Program is to assist Government of Canada (GC) departments and agencies in their evaluation of CSP services being procured for use by the GC. The resulting assessments will show whether the subject CSP’s security processes and controls meet the GC public cloud security requirements for information and services up to Protected B, Medium Integrity, and Medium Availability (PB/M/M) as published by the Treasury Board of Canada Secretariat

The following content was created prior to the creation of the Canadian Centre for Cyber Security by one of the entities that became part of the Cyber Centre. This content remains relevant to current discussions about cyber security.

The following content was created prior to the creation of the Canadian Centre for Cyber Security by one of the entities that became part of the Cyber Centre. This content remains relevant to current discussions about cyber security.

The information in this publication identifies and describes approved cryptographic algorithms and appropriate methods of use to protect the confidentiality of PROTECTED A and PROTECTED B information and the integrity of information to the medium injury level as defined in CSE’s ITSG-33 IT Security Risk Management: A Lifecycle Approach [6].

"With today’s dynamic threat environment and Government of Canada (GC) fiscal constraints, information technology (IT) security can no longer be an afterthought, but rather needs to be a vital component in both departmental and IT project plans.

IT security risks can result in exposure of sensitive government information, a loss in productivity, an inability to meet organizational objectives, or damage to the GC’s reputation, all of which can be costly to the GC.

IT security risk management is the process by which organizations manage IT security risks and is achieved through the management and application of security controls, solutions, tools, and techniques to protect IT assets against compromises.

CSE’s IT security risk management framework can help outline a risk strategy that will align with GC priorities and resource allocation so that departmental objectives can be met."

o Canadian Medium Assurance Solutions
o Shared Services Canada’s Security Operations Centre
o CSE’s Top 10 and Shared Services Canada
o CSE’s Top 10 in the Mobile Environment

Information Technology Security Guidance for Practitioners ITSP.30.031 V3 supersedes ITSP.30.031 V2 User Authentication Guidance for IT Systems and provides guidance on user authentication in IT systems. ITSP.30.031 V3 is also part of a suite of documents developed by CSE to help secure GC departmental networks. User authentication is imperative in keeping cyber threat actors out of departmental systems, and the security controls used to protect GC systems are critical elements in the design of IT infrastructure.