{{item.title}}
{{item.text}}
{{item.text}}
Securing Canada’s defence supply chain
The Government of Canada has introduced the Canadian Program for Cyber Security Certification (CPCSC) to protect the unclassified information industry partners handle. If you supply the Department of National Defence (DND), self-attestation is no longer sufficient.
As of March 2026, the program requires contractors to meet defined security standards, specifically ITSP.10.171 (aligned with NIST SP 800-171), to remain eligible for federal contracts. We help organizations navigate these mandatory requirements, from Level 1 self-assessments to Level 2 third-party certifications, helping your business stay compliant and competitive in the defence sector.
We view compliance as a strategic advantage—not just a regulatory hurdle. Our approach mirrors the Government of Canada's phased rollout.
We start by identifying your specific compliance boundary, determining which of your networks handle controlled information to prevent costly over-scoping. We then support you through the full life cycle: from the initial gap assessment against the controls of the new standard to the final rigorous evidence collection required by accredited certification bodies.
PwC has guided US defence suppliers through Cybersecurity Maturity Model Certification (CMMC), working across the same NIST 800-171 controls that form the foundation of CPCSC. This isn’t theoretical experience. Our teams understand how assessors think, where suppliers commonly fail, and what evidence holds under review.
For Canadian suppliers focused on CPCSC, we deliver a certification path grounded in proven cross-border experience. Also, with a lot of US primes partnering with Canadian organizations, we offer an integrated approach that aligns CPCSC and CMMC into one cybersecurity program, opening eligibility for contracts on both sides of the border.
{{item.text}}
{{item.text}}
Partner, Cybersecurity, Privacy & Financial Crimes, PwC Canada
Tel: +1 613.297.6706