CCNSS Edition 1
CCNSS Canadian Committee On National Security Systems
BULLETIN
Edition 1
March 2018
© Government of Canada
This document is the property of the Government of Canada. It shall not be altered, distributed beyond its intended audience, produced, reproduced or published, in whole or any substantial part thereof, without the express permission of CSE.
In This Edition
- Recent Approval of Two New Standards
- Recent Discussion on CEO Material
- Future Meeting Agendas May and September
- Contact Us
What is CCNSS?
The Canadian Committee on National Security Systems (CCNSS) was established by Deputy Ministers of National Security to govern Government of Canada (GC) National Security Systems (NSS) through the development of national standards and enterprise approaches that promote the consistent application of security.
The CCNSS’s main responsibility is to oversee the protection of NSS, while enabling secure inter-operability within the Canadian Security and Intelligence community, as well as with Allied organizations, today and into the future.
A Canadian NSS is a system within which national security activities are enabled and protected. Information, resources and assets are of such sensitivity that compromise could undermine the national security of Canada or its partners. The security measures required for a NSS are designed to provide confidence and defence against the most sophisticated threat.
The CCNSS is chaired by the Deputy Chief of Information Technology Security (CSE) and consists of a Committee, a Secretariat, and various Working Groups. Members, participants of the committee, the secretariat and the working groups, and Subject Matter Experts are drawn from Member departments. The CCNSS meets quarterly, and on an ad hoc basis as required.
Committee membership includes Assistant Deputy Ministers from CSE, the Department of National Defence, the Privy Council Office, the Royal Canadian Mounted Police, the Canadian Security Intelligence Service, Public Safety Canada, Shared Services Canada, Treasury Board Secretariat, and Global Affairs Canada. CSE provides the executive secretariat function, which supports the CCNSS.
Recent Approvals
On 11 December 2017, the Canadian Committee on National Security Systems (CCNSS) approved the Standard on Security Controls for Protection of NSS, and the Standard for the Sharing of Information via Collaboration Tools on National Security Systems.
While these standards are effective immediately, it is understood that departmental implementation will take some time and considerable effort. Please ensure that all stakeholders within your organization are made aware of these new standards and are consulted widely as you begin to plan your approach to come into compliance in the coming months.
Copies of these standards are available upon request from the Secretariat or on a self-serve basis from the CCNSS website on CTSN.
STANDARD ON SECURITY CONTROLS FOR PROTECTION OF NATIONAL SECURITY SYSTEMS | |||
---|---|---|---|
Objective: to establish the criteria for consistent application of security controls that will be used for the protection of all applicable NSS prior to authorization. | |||
DEFINITION | POLICY PRINCIPLES | COMPLIANCE | IMPLEMENTATION |
Security Controls are defined as a set of protection measures that are designed to support the business activities of the NSS owners and ensure trust and confidence in the protection of the information assets and business functions being performed | National Policy Principles for application of security controls across the NSS spectrum are:
|
Compliance with this standard shall be achieved when NSS owners implement security controls prescribed in the profile appropriate to the NSS being authorized as follows:
|
Implementation ensures the security objectives of confidentiality, integrity and availability are being achieved as part of the overall risk management activities that are identified through a comprehensive Threat and Risk Assessment (TRA). |
STANDARD FOR THE SHARING OF INFORMATION VIA COLLABORATION TOOLS ON NATIONAL SECURITY SYSTEMS | |||
---|---|---|---|
Objective: to state principles by which to govern sensitive information sharing on NSS, and to define minimum policy requirements for Departments to address via policy or procedures. | |||
DEFINITION | POLICY STATEMENT | COMPLIANCE | IMPLEMENTATION |
Collaboration Tools are defined as any system or network application where users can share information with others (includes email and web collaboration environments). | Deputy Heads are responsible for ensuring that all sharing of information carried out by users within their departments is in accordance with the following principles:
|
Compliance with this standard shall be achieved when Departmental Procedures are implemented that respect the Principles in the Policy Statement and address:
|
Implementation begins with the establishment of a Departmental NSS Collaboration Authority, who:
|
Recent Discussions
Updated guidance on the access to CEO Material
The CCNSS also recently reviewed how the Canadian Eyes Only (CEO) dissemination control term has been used and its effects on the distribution of information to Canadians and Foreign Integrees employed within the Government of Canada (GC). In the past, a few departments have shared CEO material with Foreign Integrees, who are treated as domestic personnel while employed in Canada, by having them sign Non-Disclosure Agreements (NDA).
As more GC departments become increasingly integrated, it becomes more difficult to maintain consistent restrictions on CEO material. This increased connectivity poses new security risks for CEO content, even if it is being shared with Foreign Integrees with the best intentions.
The CCNSS requests that organizations review their use of NDAs for Foreign Integree access to national information, and restrict CEO material access to Canadians only, by no later than 31 December 2019.
This new direction on CEO will be reflected in the new Standard on Security Control Markings for National Security Systems, to be released in FY 2018/2019.
The CCNSS Secretariat is available for consultation should Departments wish to discuss the specific impacts to their organizations, and to assist with determining an appropriate implementation schedule.
Future Meeting Agendas
MAY 2018 | |
---|---|
Discussion |
|
Approval of Standards |
|
Approval of Principles |
|
SEPTEMBER 2018 | |
---|---|
Discussion |
|
Approval of Standards |
|
Approval of Principles |
|
Contact Us
CCNSS Secretariat staff can be contacted at: