Open Government Portal

"Patching operating systems and applications is one of the Top 10 Security Actions in CSE’s Top 10 IT Security Actions to Protect Government of Canada Internet-Connected Networks and Information (ITSB-89 Version 3). Implementing the Top 10 security actions as a package would prevent the vast majority of intrusions to which CSE currently responds.

Applying patches to operating systems, applications and devices is a critical activity in ensuring the security of systems. This document provides guidance on assessing known vulnerabilities and patches in order to determine the risk posed to an organization, the relative priority for patch deployment, as well as guidelines on how to deploy patches."

The Top 10 Information Technology (IT) Security Actions to Protect Internet-Connected Networks and Information (ITSM.10.189) is based on the Canadian Centre for Cyber Security (CCCS) analysis of cyber threat activity trends and their impact on Internet-connected networks. Organizations that implement these recommendations will address many vulnerabilities and counter most current cyber threats.

"The Communications Security Establishment (CSE) plays a vital role in detecting and defending against cyber threats to the Government of Canada (GC). These threats are persistent, sophisticated, and continually evolving – as are CSE’s Information Technology (IT) security publications. CSE’s publications are tools that GC departments can use to improve their security posture against cyber threats. CSE’s publications address IT security topics that departments should consider and highlight measures that organizations should implement to bolster their IT security posture.

"The Communications Security Establishment (CSE) released its first unclassified, public Annual Report. This past year has been a notable one for CSE, highlighted by the CSE Act coming into effect, setting out CSE’s lead role as the national authority for foreign intelligence and as the national technical authority for cyber security and information assurance. The CSE Act also reinforced the crucial elements of openness, transparency and accountability that are essential to CSE’s work. This Annual Report is one of those elements.

Information Technology Security Guidance for Practitioners ITSP.30.031 V3 supersedes ITSP.30.031 V2 User Authentication Guidance for IT Systems and provides guidance on user authentication in IT systems. ITSP.30.031 V3 is also part of a suite of documents developed by CSE to help secure GC departmental networks. User authentication is imperative in keeping cyber threat actors out of departmental systems, and the security controls used to protect GC systems are critical elements in the design of IT infrastructure.

The information in this publication identifies and describes approved cryptographic algorithms and appropriate methods of use to protect the confidentiality of PROTECTED A and PROTECTED B information and the integrity of information to the medium injury level as defined in CSE’s ITSG-33 IT Security Risk Management: A Lifecycle Approach [6].

o Canadian Medium Assurance Solutions
o Shared Services Canada’s Security Operations Centre
o CSE’s Top 10 and Shared Services Canada
o CSE’s Top 10 in the Mobile Environment

CSE's unclassified, public Annual Report 2020-2021

The purpose of this Information Note is to draw attention to the top 10 IT security actions as recommended by CSE.

o Top 10 For Everyone
o Put Your Money Where Your Data Is – Invest In Cyber Security
o CSE’s Assessment On Cyber Threats To Canada’s Democratic Process
o The Forecast On Cloud Computing
o Cyber Hygiene Series: Social Media
o CSE In The Community