⚙️Live webinar: AI governance in controlled environments: The next compliance challenge. Register now
MarketplaceCybersecurityITSP.10.171
CybersecurityStandard

ITSP.10.171

Protecting Specified Information in Non-Government of Canada Systems and Organizations

ITSP.10.171 sets out security requirements for protecting 'specified information' when it resides in non-Government of Canada systems or organizations. It aligns with NIST standards but adapts them to the Canadian regulatory environment.

Book your strategy callView source ↗

Overview

ITSP.10.171 is a cybersecurity standard issued by the Canadian Centre for Cyber Security to ensure the confidentiality of specified information as it resides in non-Government of Canada (non-GC) systems. The publication is modeled after NIST SP 800-171 but tailored to reflect Canadian legal, regulatory, and operational contexts. It outlines 17 families of security requirements, such as access control, incident response, and supply chain risk management. Non-GC organizations working with GC bodies must comply with these standards to safeguard contractual information. The document also supports scoping methods to limit security requirements to designated system components, balancing security needs with practicality. It references ITSP.10.033 as its control baseline and introduces organization-defined parameters (ODPs) for scalability and flexibility.

Related in Cybersecurity

CybersecurityRegulation

Safe & Trusted Internet — Guidelines on Information Security Practices for Government Entities

The Safe & Trusted Internet Guidelines on Information Security Practices for Government Entities, issued by the Indian Computer Emergency Response Team (CERT-In), establish baseline cyber security controls and best practices to help government entities protect ICT infrastructure, systems, networks, and data against evolving cyber threats and strengthen India’s digital security posture.

Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India • India

View details
CybersecurityGuideline

PDSP — Protective Data Security Plan (PDSP) Single organisation PDSP form Version 3.7

Victorian public sector bodies are required to report on their information security practices to the Office of the Victorian Information Commissioner (OVIC). This includes submitting Protective Data Security Plans (PDSPs), annual attestations, and notifying OVIC of security incidents as outlined under the Victorian Protective Data Security Framework and Standards (VPDSF, VPDSS).

Office of the Victorian Information Commissioner (OVIC) • Victoria, Australia • v3.7

View details
CybersecurityGuideline

CISA ZTMM V2 — CISA Zero Trust Maturity Model V2

The CISA Zero Trust Maturity Model V2 provides a structured roadmap for organizations implementing a zero trust architecture. It outlines five key pillars and associated maturity levels to guide strategies and execution.

US Department of Homeland Security (DHS) • United States • v2

View details
CybersecurityGuideline

Guidelines on ICT and Security Risk Management

The EBA Guidelines establish requirements for credit institutions, investment firms, and payment service providers on mitigating and managing information and communication technology (ICT) risks. They aim to ensure a consistent and robust approach to ICT and security risk management across the EU financial sector.

European Banking Authority (EBA) • European Union • v2025 update

View details

Ready to operationalize these standards?

6clicks maps regulations to controls, evidence and risks automatically.

Book your strategy call