Advice and Guidance on Commercial Products

CSEC is a lead agency in the federal government for information technology security. In accordance with the Treasury Board - Government Security Policy (GSP), CSEC is responsible to test, inspect and evaluate IT products and systems to identify risks, vulnerabilities and appropriate mitigation, and conduct related technical research and development.

The Cyber Protection Supply Arrangement (CPSA) is an initiative jointly managed by CSEC, Public Works and Government Services Canada (PWGSC) and Treasury Board Secretariat (TBS) to pre-qualify IT Security companies and resources within four different Work streams and an Aboriginal Set Aside for use within the Government of Canada (GC). The objective of the program is to facilitate the procurement of pre qualified resources within several IT Security resource categories. View the list of CPSA Work Streams and resource categories.

The Cryptographic Module Validation Program (CMVP) is a program jointly managed by CSEC and NIST for the validation of cryptographic modules to the FIPS 140-1 and FIPS 140-2, and other cryptographic FIPS. CSEC is the Canadian certification authority. View the list of FIPS 140-1 and FIPS 140-2 validated cryptographic modules.

The Canadian International TEMPEST Program (CITP) fosters a Canadian industrial capability to produce commercial off-the-shelf TEMPEST products and services to meet the needs of the Government of Canada. The CITP also provides protection for and control of TEMPEST information and prepares Canadian industry to participate in capital programs.

The Canadian Common Criteria Scheme (CCCS) is a Canadian independent third party evaluation and certification service for measuring the trustworthiness of IT security products and systems. Evaluations are performed against the requirements of the Common Criteria, facilitating recognition of evaluations carried out under the CCS internationally.

Finally, through our Industry Program, CSEC works with Canadian industry to seek formal agreements with other governments on equivalent program standards and procedures, and mutual acceptance of accreditation results.