Pilotcore

Your Free CPCSC Level 1 Compliance Guide

Essential requirements for contractors working with the Department of National Defence on designated contracts. The Canadian Program for Cyber Security Certification (CPCSC) applies to Canadian and foreign companies handling Protected A information on DND contracts.

All 13 CPCSC Level 1 controls explained in plain English
Common implementation timelines: 3-6 months (small-medium) to 6-12 months (large), varying by organisation
Common challenges, critical success factors, and best practices
Step-by-step action plan with cost estimates

🍁 IMPORTANT: CPCSC requirements are being phased into designated Department of National Defence contracts. Confirm timing and applicability in current solicitation documents.

Get Your Free CPCSC Guide

Understand contract and attestation implications before submitting self-assessments.

After a quick review, we'll email your download link.

By submitting, you agree to our Terms of Service and Privacy Policy.

Your information is encrypted and protected

We respect your privacy. Unsubscribe anytime.

Who Should Download?

Any company--Canadian or foreign--expecting to handle DND government information in 2025. Prime contractors, suppliers, and partners subject to new contract award eligibility rules.

↓ See what's inside the guide below ↓

Secure Your DND Contracts

CPCSC requirements are being phased into designated Department of National Defence contracts based on current rollout guidance. Whether you're based in Canada or abroad, validate current contract language to confirm applicability and timing.

Phased Rollout

Required for designated contracts starting Spring 2026

Legal Risk Managed

Executive liability and attestation requirements explained

Contract Ready

Essential for current and future DND contracts

Our guide provides clear steps for both Canadian and international contractors

What You'll Get via Email Delivery:

Complete Requirements Overview

  • • All 13 Level 1 CPCSC controls explained
  • • 6 security domains: Access Control, Identity & Authentication, Media Protection, Physical Protection, System & Communications Protection, and System & Information Integrity
  • • Scope definition: enterprise vs. boundary approaches
  • • Implementation requirements and evidence standards

Timeline & Cost Planning

  • • Timelines vary by scope, baseline controls, and internal resourcing; many teams plan in phased increments
  • • 6-12 months for large/complex organisations
  • • Cost estimates and resource requirements
  • • Annual requirements and ongoing maintenance

Common Implementation Challenges

  • • Common compliance failures and how to avoid them
  • • Critical success factors for certification
  • • Supply chain and subcontractor compliance requirements
  • • Self-attestation process and legal accountability

Implementation Roadmap

  • • Step-by-step action plan with clear milestones
  • • Best practices for ongoing compliance
  • • Beyond compliance: the business case
  • • Strategic advantages of early certification

CPCSC Applies to Designated DND Contractors

Not just for Canadian companies. Any organisation awarded designated DND contracts that handle Protected A information must meet CPCSC Level 1 requirements. This includes foreign companies, subcontractors, and partners. Our guide covers requirements for all contractor types and provides specific guidance based on your location.