Cyber Protection Supply Arrangement (CPSA)


Services Provided until SA closure

The goal of the Cyber Protection Supply Arrangement (CPSA) is to support the GC in achieving an enhanced security posture consistent with current policy direction and appropriate responses to current risks and threats. The objectives of the CPSA are to:

  • provide a flexible and all-encompassing tool to facilitate the acquisition of high quality IT Security services by government departments and agencies;
  • extend CSEC's technical capability to support departments and agencies by providing access to expertise with confidence that supplier qualifications are appropriate for the work; and
  • provide services of a management consulting nature, in addition to the more technical services, to assist departmental senior management with issues such as accountability arrangements and division of responsibilities, and to increase security awareness.

The CPSA is divided in four different Work Streams and one Aboriginal Set-Aside (ASA). Work Stream 1 services will provide a vehicle for senior management to acquire high-level consulting advice based on the global experience of SA Holders who will provide services for:

  • strategic business planning, advice and guidance;
  • security projects and advanced R&D in IT security; and
  • change management, opportunities and performance.

Work Stream 1 SA Holders represent leading-edge thinking in business design processes and technology solutions. They will provide strategic planning and advice consistent with the GC IT Security Policies and Standards (NSP, GSP, and MITS) to senior management based on global best practices. Firms will also advise on effective prioritization of IT security and information infrastructure protection programs in support of business functions and service delivery. Suppliers have been qualified based on their global expertise and reach as well as their capacity to provide an expert extension to the client's existing in-house knowledge on IT Security.

Work Stream 2 services will provide mature, packaged offerings of security-related services. This stream of service is meant to complement the IPS (Informatics Professional Services) marketplace skills and categories. These security-related services cover frequently used and stable disciplines, including:

  • On-site Technical Vulnerability Assessment (OTVA);
  • Certification and Accreditation (C&A);
  • Threat and Risk Assessment (TRA)
  • Business Continuity Planning (BCP); and
  • Disaster Recovery Planning (DRP).

Services will be provided in accordance with GC standards and will meet the GSP and MITS requirements for departments and agencies to implement a continuous review cycle for these activities. Work Stream 2 SA Holders have been qualified based on their proven ability to offer teams that can provide services in a structured and coherent manner, and employ proven methodologies over a significant period of time. This will ensure that Supply Arrangement Holders provide a consistent level of service for these frequent activities.

Work Stream 3 / ASA services will provide both supplier and individual qualifications. The range of skill groups includes:

  • PKI Specialist
  • Computer Forensics Specialist
  • Incident Management Specialist
  • IT Security Design Specialist
  • IT Security Installation Specialist
  • Network Security Analyst
  • IT Security TRA and C&A Analyst
  • Physical Security Specialist
  • Privacy Impact Assessment Specialist
  • IT Security R&D Specialist
  • IT Security Product Evaluation Specialist
  • IT Security Project Manager
  • IT Security Vulnerability Assessment Specialist
  • IT Security General Support
  • Business Continuity and Contingency Planning Specialist
  • IT Security Systems Operator
  • IT Security Methodology, Policy, and Procedures Analyst

Emphasis is placed on individual qualifications supported by corporate capabilities. By creating a pool of private sector expertise, this stream permits departments and agencies to call on skilled consultants to complement their teams in conducting periodic IT Security activities that incorporate risk management and assessment methodologies. General categories of tasks include drafting of policy and supporting documentation, direct engineering support tasks, security audit activities, and training/awareness.

Work Stream 4 services will be provided by SA Holders approved under the Canadian Industrial TEMPEST Program (CITP) and include:

  • EMSEC services;
  • COMSEC services;
  • TEMPEST support services;
  • TEMPEST test services at GC facilities; and
  • TEMPEST test services at SA Holders' facilities.

For any procurement request, please visit the PWGSC CPSA web site or call the PWGSC Supply Arrangement Authority at 819-956-6148.

For more technical information, please contact:

The CPSA Technical Support Office
Tel: 613-991-7654
Fax: 613-991-7902