Baseline Controls News Resources Glossary About
Free Assessment
Free for Canadian Businesses

How Cyber-Ready Is Your Canadian Business?

Assess your organization's cybersecurity posture against the Government of Canada's recommended baseline controls. Free, confidential, under 30 minutes.

Start Free Assessment Browse Resources
Based on Government of Canada standards
Under 30 minutes
100% confidential
Government of Canada Standard

Based on the Canadian Centre for Cyber Security's Baseline Controls

The Canadian Centre for Cyber Security applied the 80/20 rule — achieve 80% of the benefit from 20% of the effort — to create a condensed set of security controls for small and medium organizations. Our assessment is built on these baseline controls: practical, prioritized guidance designed to deliver the biggest security gains for your investment.

Take the Assessment View Official Document

Cybersecurity Canada is an independent resource and is not affiliated with, endorsed by, or connected to the Canadian Centre for Cyber Security, the Communications Security Establishment, or the Government of Canada.

13 Control Areas

What We Assess

Our assessment covers all 13 Baseline Control areas defined by the Canadian Centre for Cyber Security, plus organizational context.

🚨
Incident Response
BC.1
🔄
Patch Management
BC.2
🦠
Anti-Malware
BC.3
⚙️
Secure Configuration
BC.4
🔐
Authentication
BC.5
🎓
Security Awareness
BC.6
💾
Data Backup
BC.7
📱
Mobile Devices
BC.8
🌐
Network Security
BC.9
☁️
Cloud Services
BC.10
🌍
Web Security
BC.11
👥
Access Control
BC.12
💽
Portable Media
BC.13
News

Latest Cybersecurity News

Stay informed about cybersecurity in Canada.

March 7, 2026 Best Practices

Building an Incident Response Plan for Your Canadian Business

The Canadian Centre for Cyber Security designates incident response planning as the first of its 13 Baseline Controls. H...

Read more
February 28, 2026 Guide

What to Do in the First 24 Hours After a Cyber Attack

When a cyber attack hits, the decisions you make in the first hours determine how much damage your business sustains. Th...

Read more
February 22, 2026 Insights

Cyber Insurance: What Canadian SMBs Need to Understand

Cyber insurance adoption among Canadian businesses remains low, and denied claims are making headlines. Here is what the...

Read more
View All News
Resources

Canadian Cybersecurity Resources

Official Government of Canada cybersecurity resources for organizations.

🚨

Report a Cyber Incident

Report a cyber incident to the Canadian Centre for Cyber Security for assistance and guidance.

Report now
📋

Baseline Controls Document

The official CCCS Baseline Cyber Security Controls for Small and Medium Organizations.

View document
⚠️

Alerts & Advisories

Stay informed about current cyber threats and vulnerabilities affecting Canadian organizations.

View alerts
All Resources
FAQ

Cybersecurity for Canadian Businesses

Common questions about cybersecurity requirements and resources for Canadian organizations.

What cybersecurity standards apply to Canadian small businesses?

The Canadian Centre for Cyber Security publishes the Baseline Cyber Security Controls for Small and Medium Organizations (ITSM.10.089), which defines 13 control areas as the minimum recommended security standard for Canadian SMBs. These controls cover incident response, patch management, authentication, data backup, network security, and more. Additionally, businesses that handle personal information must comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), which requires organizations to protect personal data and report breaches to the Office of the Privacy Commissioner of Canada.

Is there a free cybersecurity assessment for Canadian businesses?

Yes. Cybersecurity Canada offers a free online cybersecurity assessment based on the Canadian Centre for Cyber Security's 13 Baseline Controls. The assessment includes 50 questions, takes under 30 minutes, and provides an overall compliance score, letter grade, detailed breakdown by control area, and actionable recommendations. The tool is 100% confidential — all processing happens in your browser and no data is transmitted or stored.

What are the 13 Baseline Cyber Security Controls for Canadian organizations?

The 13 Baseline Controls defined by the Canadian Centre for Cyber Security are: (1) Incident Response Planning, (2) Patch Management, (3) Anti-Malware, (4) Secure Configuration, (5) Authentication, (6) Security Awareness Training, (7) Data Backup and Recovery, (8) Mobile Device Security, (9) Network and Perimeter Security, (10) Cloud Services Security, (11) Web Application Security, (12) Access Control and Authorization, and (13) Portable Media Security. These controls are designed to provide 80% of the security benefit from 20% of the effort, making them practical for organizations with limited resources.

How do I report a cyber incident in Canada?

Canadian organizations can report cyber incidents to the Canadian Centre for Cyber Security, which provides guidance and assistance during active incidents. Fraud and phishing should be reported to the Canadian Anti-Fraud Centre (CAFC) at 1-888-495-8501. If a breach involves personal information, organizations are required under PIPEDA to report to the Office of the Privacy Commissioner of Canada and notify affected individuals.

About

Helping Canadian Businesses Stay Secure

Cybersecurity Canada is a free community initiative by Cyber Unit, providing resources and assessment tools to help Canadian small and medium businesses understand and improve their cybersecurity posture, based on Government of Canada standards.

Take the Free Assessment