🤖 Ready for Sovereignty 2026: Australian Insights Report. Get your copy
MarketplaceCybersecurityITSP.10.171
CybersecurityStandard

ITSP.10.171

Protecting Specified Information in Non-Government of Canada Systems and Organizations

ITSP.10.171 sets out security requirements for protecting 'specified information' when it resides in non-Government of Canada systems or organizations. It aligns with NIST standards but adapts them to the Canadian regulatory environment.

Book your strategy callView source ↗

Overview

ITSP.10.171 is a cybersecurity standard issued by the Canadian Centre for Cyber Security to ensure the confidentiality of specified information as it resides in non-Government of Canada (non-GC) systems. The publication is modeled after NIST SP 800-171 but tailored to reflect Canadian legal, regulatory, and operational contexts. It outlines 17 families of security requirements, such as access control, incident response, and supply chain risk management. Non-GC organizations working with GC bodies must comply with these standards to safeguard contractual information. The document also supports scoping methods to limit security requirements to designated system components, balancing security needs with practicality. It references ITSP.10.033 as its control baseline and introduces organization-defined parameters (ODPs) for scalability and flexibility.

Related in Cybersecurity

CybersecurityStandard

ISM CCM — Information Security Manual Cloud Controls Matrix Template

The Cloud Controls Matrix (CCM) Template is a comprehensive framework for mapping cloud security controls to industry standards and compliance requirements. It helps organizations assess, implement, and demonstrate effective cloud security practices across diverse environments.

Australian Government • Australia • vJune 2026

View details
CybersecurityRegulation

ISM SSP — Information Security Manual System Security Plan Annex Template

The System Security Plan (SSP) Annex Template is a structured document used to capture detailed information about an organization’s cyber security controls and implementation. It supports accreditation processes by providing evidence of compliance, risk management, and system-specific security measures.

Australian Government • Australia • vJune 2026

View details
CybersecurityRegulation

RFFR ISM SoA — Right Fit for Risk Information Security Manual Statement of Applicability

The Right Fit for Risk (RFFR) Statement of Applicability (SoA) is a structured template used to document how organizations meet cyber security accreditation requirements. It outlines applicable controls, their implementation status, and provides assurance of compliance with the RFFR framework.

Australian Government • Australia • vJune 2026

View details
CybersecurityRegulation

ISM — Information Security Manual

The Australian ISM is the nationally recognized cybersecurity framework developed by the Australian Signals Directorate. It provides organizations with structured guidance to safeguard information and operational technology systems against evolving cyber threats.

Australian Government • Australia • vJune 2026

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks — automatically.

Book your strategy call