Cybersecurity · Standard · In 6clicks App

ITSP.10.171: Protecting Specified Information in Non-Government of Canada Systems and Organizations

ITSP.10.171 sets out security requirements for protecting 'specified information' when it resides in non-Government of Canada systems or organizations. It aligns with NIST standards but adapts them to the Canadian regulatory environment.

ITSP.10.171 is a cybersecurity standard issued by the Canadian Centre for Cyber Security to ensure the confidentiality of specified information as it resides in non-Government of Canada (non-GC) systems. The publication is modeled after NIST SP 800-171 but tailored to reflect Canadian legal, regulatory, and operational contexts. It outlines 17 families of security requirements, such as access control, incident response, and supply chain risk management. Non-GC organizations working with GC bodies must comply with these standards to safeguard contractual information. The document also supports scoping methods to limit security requirements to designated system components, balancing security needs with practicality. It references ITSP.10.033 as its control baseline and introduces organization-defined parameters (ODPs) for scalability and flexibility.
#cybersecurity #confidentiality #government-contracting #risk-management #canada #standards #compliance

Related in Cybersecurity

Cybersecurity · Standard · In 6clicks App

OWASP ASVS — OWASP Application Security Verification Standard

The OWASP Application Security Verification Standard (ASVS) is an open standard for testing and verifying the security of web applications. It provides developers with a comprehensive list of requirements for secure development and helps establish confidence in application security.

Issuer: OWASP Foundation
Version: 4.0.2
Updated: May 2025
application security · web security

Cybersecurity · Framework · In 6clicks App

CMMC — Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification (CMMC) Assessment Guide defines how organizations are evaluated for compliance with cybersecurity requirements when working with the U.S. Department of Defense. It outlines assessment methods, evidence expectations, and control validation aligned with standards like NIST SP 800-171. The guide ensures consistent and rigorous verification of an organization’s ability to protect sensitive information.

Issuer: US Government
Jurisdiction: USA
Version: 2.13
information security · cybersecurity

Cybersecurity · Framework · In 6clicks App

SOC2 — SOC2 Trusted Services Criteria

SOC 2 is a framework for managing and reporting on controls at service organizations relevant to security, availability, processing integrity, confidentiality, and privacy. It aims to provide detailed information and assurance to stakeholders about how these controls are implemented to protect user data.

Issuer: American Institute of Certified Public Accountants (AICPA)
Jurisdiction: USA
Updated: Sep 2022
soc 2 · security