CSE, as the lead security agency and national authority for COMSEC, is responsible for the development, approval and promulgation of COMSEC policy instruments.
The overarching policy instruments are Information Technology Security Directives (ITSD). These are authoritative publications that contain high-level, long-term direction on COMSEC; as such they are the master reference material for federal government and private sector clients.
- IT Security Directive for the Application of Communications Security Using CSE-Approved Solutions (ITSD-01A) provides baseline COMSEC requirements for the use of CSE - approved COMSEC solutions.
- IT Security Directive for the Control of COMSEC Material in the Government of Canada (ITSD-03A) provides the minimum security requirements for the control and management of COMSEC material authorized by the CSE for use by the GC.
- Annex B – Government of Canada Enterprise COMSEC Management and Accountability provides direction to the different Government of Canada departments that are now part of an enterprise services organization.
- IT Security Directive for the Management of CSE-Approved Cryptographic Equipment and Key to Secure a Telecommunications Network (ITSD-04A) provides the minimum security requirements for the control and handling of CSE-approved COMSEC equipment and cryptographic key used to protect classified and PROTECTED C information on a telecommunication network.
- IT security directive for reporting and evaluating communications security (COMSEC) incidents (ITSD-05A) provides minimum requirements for reporting and evaluating incidents involving COMSEC material.
- IT Security Directive for the Control of COMSEC Material in the Canadian Private Sector (ITSD-06A) provides the minimum security requirements for the control and management of COMSEC material authorized by CSE for use by a Canadian private sector client within Canada.
- IT Security Directive for the Control and Management of In-Process COMSEC Material (ITSD-08)
- IT Security Directive for Cryptographic Key Ordering (ITSD-09)
- Mandatory GC Quantum Computing Threat Mitigation (ITSB-127)
In addition to ITSDs, Federal departments, Other Levels of Government (OLG) and private sector clients requiring access to such COMSEC material must comply to both the Canadian Controlled Goods Program (CGP) and the United States (U.S.) International Traffic in Arms Regulations (ITAR).