Government of Canada defence contract requirements

What are CPCSC & CMMC Cybersecurity Certifications?

The Canadian Program for Cybersecurity Certification (CPCSC) and the Cybersecurity Maturity Model Certification (CMMC) are the Canadian and U.S. Federal Government programs responsible for strengthening the cybersecurity posture of the supply chain involved in the defense sector. Both programs have adopted well-known security control standards to validate and certify companies involved in the defense supply chains.
The Canadian Government's website provides more explanation:

"In 2025 Canada introduced the Canadian industrial security standard, which describes security requirements for suppliers that bid or work on Government of Canada defence contracts. These requirements help to protect networks, systems and applications from malicious cyber activity, by enabling Canadian suppliers to better identify, assess, and manage cyber risks. This strengthens the resilience of our supply chain. Beginning in summer 2026, suppliers bidding on defence contracts may need to obtain Level 1 certification under the Canadian Program for Cyber Security Certification (CPCSC). The Canadian Program for Cyber Security Certification (CPCSC) - Level 1 sets a basic, reasonable level of "cyber hygiene" for suppliers that handle certain types of sensitive, unclassified information on behalf of the Government of Canada."

CPCSC & CMMC Cybersecurity Certifications

What services does Castellan provide?

Castellan performs several services to help companies in the defence supply chain prepare for CPCSC or CMMC certification requirements:

  • Gap Analysis: Assess your company's security controls and cybersecurity posture against the standards required for CPCSC and CMMC certification.
  • Roadmap Development: Develop a tailored plan for your company to address gaps and implement required security controls to achieve certification.
  • Implementation of Security Controls: Work with your IT Team and/or IT Provider to develop and support the implementation of the required technical security controls to become certified.
  • Policy and Process Documentation Development: Develop and support the implementation of process documents to clearly illustrate to auditors that security controls are in place and working as intended.
  • Preparing for Self-Assessment and Getting Ready for Audit: Castellan experts can support companies when attesting to the self-assessment requirements for Level 1 certification, and can help interpret questions and feedback from auditors during Level 2 and Level 3 certification.
  • Audit Remediation: We can also help your company manage and implement measures identified by the auditors needed to finalize certification.

What value can Castellan bring to your organization?

  1. Expertise - Leveraging Castellan's cybersecurity compliance experts and experience will ensure requirements are interpreted accurately and the specific remediation measures needed for your organization are identified.
  2. Save Time - Help from Castellan can get you certified faster, so you do not lose out on opportunities or existing supply chain arrangements.
  3. Reduced Workload for your IT Team - Internal IT resources are stretched managing daily system requirements and other priorities. Leaving this additional project to them to navigate alone could be risky.
  4. Makes Business Sense - We can prevent your company from going down the wrong path with unnecessary remediation measures or not recognizing the gaps in your security program that could result in additional costs, delays or lost revenue.

Let's work together

Contact us at info:castellaninformationsecurity.com for a friendly discussion about how we can help with your CPCSC / CMMC certification.