{"id":205858,"date":"2026-04-24T05:51:00","date_gmt":"2026-04-24T09:51:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/24\/kiteworks-enables-80-coverage-of-canadas-cpcsc-cybersecurity-certification-controls-streamlining-defense-supplier-compliance\/"},"modified":"2026-04-25T14:10:48","modified_gmt":"2026-04-25T18:10:48","slug":"kiteworks-enables-80-coverage-of-canadas-cpcsc-cybersecurity-certification-controls-streamlining-defense-supplier-compliance","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/24\/kiteworks-enables-80-coverage-of-canadas-cpcsc-cybersecurity-certification-controls-streamlining-defense-supplier-compliance\/","title":{"rendered":"Kiteworks Enables 80% Coverage of Canada\u2019s CPCSC Cybersecurity Certification Controls, Streamlining Defense Supplier Compliance"},"content":{"rendered":"

Kiteworks Enables 80% Coverage of Canada\u2019s CPCSC Cybersecurity Certification Controls, Streamlining Defense Supplier Compliance<\/a><\/p>\n

https:\/\/www.cybersecurity-insiders.com\/kiteworks-enables-80-coverage-of-canadas-cpcsc-cybersecurity-certification-controls-streamlining-defense-supplier-compliance\/<\/a><\/p>\n

Publish Date: 2026-04-24 05:51:00<\/a><\/p>\n

Source Domain: www.cybersecurity-insiders.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

Kiteworks has announced broad support for the Canadian Program for Cyber Security Certification (CPCSC), positioning its platform to help defense suppliers meet the country\u2019s new mandatory cybersecurity requirements. As Canada begins introducing Level 1 self-assessment obligations into select defense contracts in Summer 2026\u2014with Level 2 and Level 3 certifications to follow\u2014the company\u2019s pre-mapped ITSP.10.171 controls, Canadian deployment flexibility, and automated audit evidence capabilities are designed to accelerate compliance and preserve contract eligibility.
\nThe CPCSC framework, overseen by Public Services and Procurement Canada in collaboration with the Department of National Defence, the Standards Council of Canada, and the Canadian Centre for Cyber Security, mandates that defense suppliers handling sensitive but unclassified government information certify against ITSP.10.171. This standard is Canada\u2019s adaptation of NIST SP 800-171.
\nThe certification model is structured across three progressive levels:<\/p>\n

Level 1 requires suppliers to complete an annual self-assessment covering 13 foundational controls
\nLevel 2 introduces third-party assessments every three years across 98 controls, along with annual affirmations
\nLevel 3 expands to 200 controls, assessed triennially by the Government of Canada<\/p>\n

Failure to achieve certification will disqualify suppliers from participating in defense procurement. Data from the United States\u2014based on the same NIST 800-171 framework\u2014highlights the scale of readiness challenges: fewer than half of contractors report preparedness for Level 2, while many have yet to complete gap analyses or implement sufficient governance controls.
\nCPCSC\u2019s alignment with NIST SP 800-171 is intended to promote interoperability across Five Eyes partners and allow Canadian defense suppliers to demonstrate equivalent security postures to organizations certified under the U.S. Cybersecurity Maturity Model Certification (CMMC). For organizations pursuing contracts in both countries, the shared control baseline enables efficiencies, as investments in one certification pathway directly support the other.
\n\u201cCanadian defense suppliers face the same NIST 800-171 control requirements that have challenged U.S. contractors for years\u2014but with the added complexity of Canadian data sovereignty obligations and the reality that Levels 2 and 3 are still under development,\u201d said Frank Balonis, CISO and SVP of Operations at Kiteworks. \u201cKiteworks has been helping defense contractors navigate CMMC certification since the program\u2019s inception. CPCSC is built on the same foundational standard, which means our pre-mapped controls, our FedRAMP-validated security architecture, and our compliance evidence generation work for both programs from a single deployment. Canadian suppliers don\u2019t need to start from scratch\u2014they need a platform that\u2019s already proven against these exact requirements.\u201d
\nKiteworks outlined several platform capabilities aimed at supporting CPCSC compliance:
\n\u2022 Pre-mapped ITSP.10.171 controls: The platform supports 79 out of 98 Level 2 controls, covering critical domains such as access control, audit and accountability, identification and authentication, media protection, system and communications protection, system and information integrity, and supply chain risk management. The remaining controls primarily relate to organizational and physical measures, including personnel policies and training.
\n\u2022 Comprehensive audit logging: The system captures all file interactions and policy actions in real time without throttling or additional licensing requirements. Integration with SIEM tools via syslog and a native Splunk Forwarder enables rapid delivery of audit evidence for certification assessments.
\n\u2022 Canadian data sovereignty support: Deployment options include on-premises environments, private cloud infrastructure within Canadian data centers, or hybrid models. Features such as single-tenant architecture, customer-managed encryption keys, and geofencing ensure sensitive data remains within Canadian jurisdiction.
\n\u2022 FIPS 140-3 validated encryption: The platform employs AES-256 double encryption for data at rest and TLS 1.3 for data in transit, meeting ITSP.10.171 confidentiality requirements through validated cryptographic modules.
\n\u2022 Dual CPCSC and CMMC certification readiness: Given the technical equivalence between ITSP.10.171 and NIST SP 800-171, a single deployment can support both Canadian CPCSC and U.S. CMMC certification efforts. Kiteworks\u2019 FedRAMP Authorization and CMMC 2.0 compliance reporting further support cross-border defense procurement.
\n\u2022 Defense-in-depth architecture: A hardened virtual appliance integrates firewall, web application firewall (WAF), and AI-driven intrusion detection capabilities. A deny-by-default network posture and zero-trust segmentation model address key boundary protection and system integrity requirements.
\n\u2022 Unified secure data exchange platform: Kiteworks consolidates multiple communication and data transfer channels\u2014including email, file sharing, managed file transfer, SFTP, web forms, APIs, and AI integrations\u2014into a single control plane governed by centralized policies, logging, and security architecture.
\nA full CPCSC Solution Guide, including a detailed mapping of all 98 ITSP.10.171 Level 2 controls, is available here.
\n______
\nAbout Kiteworks
\nKiteworks\u2019 mission is to empower organizations to effectively manage risk in every send, share, receive, and use of private data. The Kiteworks platform provides customers with a secure data exchange that delivers data governance, compliance, and protection in a unified control plane. Kiteworks unifies, tracks, controls, and secures sensitive data moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all private data exchanges. Headquartered in Silicon Valley, Kiteworks protects over 100 million end-users and thousands of global enterprises and government agencies.
\nMedia Contact
\nDavid Schutzman
\nPR Manager
\n[email\u00a0protected]<\/p>\n

Join our LinkedIn group Information Security Community!<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Kiteworks Enables 80% Coverage of Canada\u2019s CPCSC Cybersecurity Certification Controls, Streamlining Defense Supplier Compliance https:\/\/www.cybersecurity-insiders.com\/kiteworks-enables-80-coverage-of-canadas-cpcsc-cybersecurity-certification-controls-streamlining-defense-supplier-compliance\/…<\/p>\n","protected":false},"author":1,"featured_media":205859,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cybersecurity-insiders.com\/wp-content\/uploads\/CSI-kiteworks-Enables-Coverage.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24],"class_list":["post-205858","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/205858"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=205858"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/205858\/revisions"}],"predecessor-version":[{"id":205860,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/205858\/revisions\/205860"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/205859"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=205858"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=205858"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=205858"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}