COMSEC Policy Instruments
Communications Security Policy Instruments
CSE, as the lead security agency and national authority for COMSEC, is responsible for the development, approval and promulgation of COMSEC policy instruments.
The overarching policy instruments are Information Technology Security Directives (ITSD). These are authoritative publications that contain high-level, long-term direction on COMSEC; as such they are the master reference material for federal government and private sector clients.
- IT Security Directive for the Application of Communications Security Using CSE-Approved Solutions (ITSD-01A) provides baseline COMSEC requirements for the use of CSE - approved COMSEC solutions.
- IT Security Directive for the Control of COMSEC Material in the Government of Canada (ITSD-03A) provides the minimum security requirements for the control and management of COMSEC material authorized by the CSE for use by the GC.
- Annex B – Government of Canada Enterprise COMSEC Management and Accountability provides direction to the different Government of Canada departments that are now part of an enterprise services organization.
- Directive for the Use of CSEC-Approved COMSEC Equipment and Key on a Telecommunications Network (ITSD-04) provides the minimum security requirements for the control and handling of CSE-approved COMSEC equipment and cryptographic key used to protect classified and PROTECTED C information on a telecommunication network.
- Directive for Reporting and Evaluating COMSEC Incidents Involving Accountable COMSEC Material (ITSD-05) provides minimum requirements for reporting and evaluating incidents involving COMSEC material.
- Directive for the Control of COMSEC Material in the Canadian Private Sector (ITSD-06) provides the minimum security requirements for the control and management of COMSEC material authorized by CSEC for use by a Canadian private sector client within Canada.
- IT Security Directive for the Control and Management of In-Process COMSEC Material (ITSD-08) (in development).
In addition to ITSD, Federal departments, Other Levels of Government (OLG) and private sector clients requiring access to such COMSEC material must comply to both the Canadian Controlled Goods Program (CGP) and the United States (U.S.) International Traffic in Arms Regulations (ITAR).