Baseline cyber security controls for small and medium organizations

Designation Number:
CAN/DGSI 104:2021 (Rev 2024)
Standard Type:
National Standard of Canada - Domestic
Standard Development Activity:
Amendment Revision
ICS code(s):
03.100.01; 35.030
Status:
Proceeding to development
SDO Comment Period Start Date:
SDO Comment Period End Date:
Posted On:

Scope:

Scope
This Standard specifies a minimum set of cyber security controls intended for small and medium organizations which typically have less than 500 employees.

Project need:

Project Need
This national standard underpins the Innovation, Science and Economic Development Canada Cybersecure Canada certification program. The program promotes the adoption of a Canadian cyber security certification by supporting the development of this practical standard which is low-burden, easily accessible, affordable, effective, national in scope, and sector neutral. The repercussions of cyberattacks are far-reaching and costly. Ideally, organizations invest in cyber security to balance their individual cyber security risks and business objectives. However, smaller sized organizations often lack the knowledge, technical expertise and resources to develop customized cyber security regimes, or do not have the awareness of the vulnerabilities that are present in their systems. This standard outlines security controls which can serve as a cyber security baseline for these organizations. By using this standard, small and medium organizations can - improve their cyber security posture and limit the impacts of cyber incidents - enhance their competitive advantage and attract new business - reassure their customers and investors that their information is protected - improve their cybersecurity knowledge

Note: The information provided above was obtained by the Standards Council of Canada (SCC) and is provided as part of a centralized, transparent notification system for new standards development. The system allows SCC-accredited Standards Development Organizations (SDOs), and members of the public, to be informed of new work in Canadian standards development, and allows SCC-accredited SDOs to identify and resolve potential duplication of standards and effort.

Individual SDOs are responsible for the content and accuracy of the information presented here. The text is presented in the language in which it was provided to SCC.