Pilotcore

Your Free CPCSC Level 1 Compliance Guide

Essential requirements for contractors working with the Department of National Defence on designated contracts. The Canadian Program for Cyber Security Certification (CPCSC) applies to Canadian and foreign companies handling Protected A information on DND contracts.

All 13 CPCSC Level 1 controls explained in plain English
Common implementation timelines: 3-6 months (small-medium) to 6-12 months (large), varying by organization
Common challenges, critical success factors, and best practices
Step-by-step action plan with cost estimates

🍁 IMPORTANT: CPCSC Level 1 is required for designated Department of National Defence contracts beginning Spring 2026. Both Canadian and foreign companies handling Protected A information must comply to bid on and maintain DND contracts.

Get Your Free CPCSC Guide

Protect your contracts--and your executives--from costly mistakes. Start with the facts.

We'll email you the download link instantly

Your information is encrypted and protected

We respect your privacy. Unsubscribe anytime.

Who Should Download?

Any company--Canadian or foreign--expecting to handle DND government information in 2025. Prime contractors, suppliers, and partners subject to new contract award eligibility rules.

↓ See what's inside the guide below ↓

Secure Your DND Contracts

CPCSC compliance is required for designated Department of National Defence contracts beginning Spring 2026, with enforcement expanding through 2026. Whether you're based in Canada or abroad, compliance ensures continued access to DND opportunities.

Phased Rollout

Required for designated contracts starting Spring 2026

Legal Risk Managed

Executive liability and attestation requirements explained

Contract Ready

Essential for current and future DND contracts

Our guide provides clear steps for both Canadian and international contractors

What You'll Get Instant Access To:

Complete Requirements Overview

  • • All 13 Level 1 CPCSC controls explained
  • • 6 security domains: Access Control, Identity & Authentication, Media Protection, Physical Protection, System & Communications Protection, and System & Information Integrity
  • • Scope definition: enterprise vs. boundary approaches
  • • Implementation requirements and evidence standards

Timeline & Cost Planning

  • • Common timelines: 3-6 months for small-medium organizations (varies by starting point)
  • • 6-12 months for large/complex organizations
  • • Cost estimates and resource requirements
  • • Annual requirements and ongoing maintenance

Common Implementation Challenges

  • • Common compliance failures and how to avoid them
  • • Critical success factors for certification
  • • Supply chain and subcontractor compliance requirements
  • • Self-attestation process and legal accountability

Implementation Roadmap

  • • Step-by-step action plan with clear milestones
  • • Best practices for ongoing compliance
  • • Beyond compliance: the business case
  • • Strategic advantages of early certification

CPCSC Applies to Designated DND Contractors

Not just for Canadian companies. Any organization awarded designated DND contracts that handle Protected A information must meet CPCSC Level 1 requirements. This includes foreign companies, subcontractors, and partners. Our guide covers requirements for all contractor types and provides specific guidance based on your location.