Baseline Controls News Resources Glossary About
Free Assessment
Home / Baseline Controls

Canada's 13 Baseline Cyber Security Controls

The Canadian Centre for Cyber Security's recommended minimum security standard for small and medium organizations (ITSM.10.089). Explore each control area below.

Assess All 13 Controls View Official Document

The Canadian Centre for Cyber Security (CCCS) publishes the Baseline Cyber Security Controls for Small and Medium Organizations as the minimum recommended security standard for Canadian businesses. The controls are designed using the 80/20 principle — achieving 80% of the security benefit from 20% of the effort — making them practical for organizations with limited cybersecurity resources.

Each control area below includes an overview of what the CCCS guidance recommends, why it matters for Canadian businesses, and how to get started. Our free assessment tool evaluates your organization across all 13 control areas.

🚨
Incident Response
BC.1
🔄
Patch Management
BC.2
🦠
Anti-Malware
BC.3
⚙️
Secure Configuration
BC.4
🔐
Authentication
BC.5
🎓
Security Awareness
BC.6
💾
Data Backup
BC.7
📱
Mobile Devices
BC.8
🌐
Network Security
BC.9
☁️
Cloud Services
BC.10
🌍
Web Security
BC.11
👥
Access Control
BC.12
💽
Portable Media
BC.13

Assess Your Organization Across All 13 Controls

Our free assessment evaluates your cybersecurity posture against the Canadian Centre for Cyber Security's Baseline Controls. 50 questions, under 30 minutes, 100% confidential.

Take the Free Assessment