Open Government Portal

The information in this publication identifies and describes approved cryptographic algorithms and appropriate methods of use to protect the confidentiality of PROTECTED A and PROTECTED B information and the integrity of information to the medium injury level as defined in CSE’s ITSG-33 IT Security Risk Management: A Lifecycle Approach [6].

IT Security is essential to government and commercial business activities in Canada. Public Key Cryptography (PKC) is used to protect the confidentiality and integrity of information and is robust in today’s computer environment. However, a new computer technology, quantum computing, promises a significant increase in computational capabilities that could compromise PKC.

This document provides guidance for deploying Microsoft Windows 7 Enterprise Edition operating system (OS) (i.e., Windows 7) in a manner that will best prevent compromise of Government of Canada (GC) IT assets and infrastructures in a generic internet-facing Protected B environment. It is intended for use by information system practitioners, security practitioners, and security assessment and authorization authorities who are collectively responsible for departmental networking risk management.

Small and medium organizations have valuable information (e.g. sensitive business, employee, and client information) that needs to be protected to ensure business activities run smoothly. Small and medium organizations are likely targets of cyber attacks because these organizations often lack resources to put towards cyber security. While it may not be possible to protect everything, knowing what information is valuable to your organization can help you protect what matters most.

Calculating Robustness for Boundary Controls is an UNCLASSIFIED publication, issued under the authority of the Chief, Communications Security Establishment (CSE). Suggestions for amendments should be forwarded to the Canadian Centre for Cyber Security’s (CCCS) Contact Centre.

ITSP.70.012 Guidance for Hardening Microsoft Windows 10 Enterprise is an UNCLASSIFIED publication, issued under the authority of the Chief, Communications Security Establishment (CSE). Suggestions for amendments should be forwarded to the Canadian Centre for Cyber Security’s Contact Centre.

Information Technology Security Guidance for Practitioners ITSP.30.031 V3 supersedes ITSP.30.031 V2 User Authentication Guidance for IT Systems and provides guidance on user authentication in IT systems. ITSP.30.031 V3 is also part of a suite of documents developed by CSE to help secure GC departmental networks. User authentication is imperative in keeping cyber threat actors out of departmental systems, and the security controls used to protect GC systems are critical elements in the design of IT infrastructure.

Obtaining the right information at the right time in the right place is critical for organizations to carry out their day-to-day business. This requirement must be balanced with the appropriate information protection measures. Historically, organizations’ information has been protected by separating networks having different levels of information. However, this separation makes it difficult to share information.

This bulletin provides information on the availability of the Secure Communications Interoperability Protocol (SCIP) rekey guides.

The Baseline Cyber Security Controls for Small and Medium Organizations is an UNCLASSIFIED publication intended for small and medium organizations in Canada that want recommendations to improve their resiliency via cyber security investments. This document is for the public and as such has the Traffic Light Protocol (TLP) marking [1]Footnote 1 of TLP:WHITE.