The Canadian Centre for Cyber Security (Cyber Centre) has joined the Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC), and the following international partners in releasing updated cyber security guidance on obtaining secure digital products or services:
- New Zealand’s National Cyber Security Centre (NCSC-NZ)
- Republic of Korea National Intelligence Service (NIS) and NIS’ National Cyber Security Centre (NCSC-Korea)
- United Kingdom (UK) National Cyber Security Centre (NCSC-UK)
- United States’ Cybersecurity and Infrastructure Security Agency (CISA)
To protect users’ privacy and data from cyber threats, organizations must ensure they are choosing secure and verifiable technologies. When obtaining and operating digital products or services, organizations are responsible for evaluating suitability, security and associated risks.
This guidance includes 2 publications.
Choosing secure and verifiable technologies: Executive summary
This joint executive summary intends to summarize and inform senior leaders on the items they should consider during the procurement of digital products and services.
Read Choosing secure and verifiable technologies: Executive summary.
Choosing secure and verifiable technologies (version 2)
This updated joint guidance informs organizations of secure-by-design considerations for the procurement of digital products and services. It aims to assist organizations in making better-informed information and communication technology procurement assessments and decisions.
This joint guidance also signals to manufacturers the key security questions and expectations they can anticipate from their customers, ideally resulting in increased development of secure technologies.
Read Choosing secure and verifiable technologies (version 2).