Compliance

CPCSC compliance, built for Canada’s defence supply chain

Mycroft’s Risk Operations Center removes the operational burden, helping you meet CPCSC requirements and secure Government of Canada defence contracts with confidence.

Book a demo

Why CPCSC matters to you

CPCSC certification is becoming a requirement to bid on Government of Canada defence contracts, ensuring your organization protects the sensitive and controlled information entrusted to the defence supply chain.

Protect contract eligibility

As CPCSC rolls out, certification will be required to bid on or maintain Department of National Defence contracts, with the level set by the sensitivity of the work.

Safeguard sensitive data

CPCSC enforces controls based on Canadian (CAN/CIOSC) cyber security standards to protect controlled and sensitive information from unauthorized access.

Strengthen competitive positioning

Suppliers that achieve certification early gain an advantage in securing and retaining Government of Canada defence contracts.

Book a demo

Features

Mycroft’s AI platform solutions for CPCSC

A unified platform designed to operationalize CPCSC requirements without adding internal workload.

Risk assessment

Identify, evaluate, and track organizational risks through a centralized platform designed to simplify remediation planning, ownership tracking, and ongoing risk management.

Book a demo

Cloud Security

Monitor cloud environments for security gaps, compliance risks, and misconfigurations with continuous visibility designed to strengthen your overall cloud security posture.

Book a demo

Security training

Deliver security awareness and compliance training programs that help employees reduce human risk while supporting audit and regulatory requirements.

Book a demo

Additional features for CPCSC

Integrated capabilities to manage security, compliance, and risk across your organization.

AI policy generator

Produce and iterate clear, auditable policy documents

Custom controls

Create controls and tests tailored to your journey

Risk insight reports

Delivers reports prioritizing risks, actioned by Mycroft Agents

App security

Secure application code and runtime

Security questionnaires

Streamline vendor security assessments

Support and live chat

Real-time assistance for security issues

Third party risk management

Assess and monitor vendor risk

Policy center

Centralized, versioned compliance
policies

Automatic evidence collection

Gathers and stores evidence

Client Testimonial

“

Mycroft's 5-in-1 platform seamlessly consolidated our entire security stack, eliminating the need for multiple point solutions and endless checklists.”

Adam Cohen

CEO of WEAVE

Unlock other frameworks

Achieve CPCSC compliance with Mycroft and take advantage of the head start gained in other industry frameworks.

Frequently asked questions

Answers that help customers with CPCSC compliance

CPCSC (Canadian Program for Cyber Security Certification) is a Government of Canada program that requires defence suppliers to certify their cyber security controls in order to protect sensitive information used in defence contracts.

CPCSC uses tiered levels of increasing rigour:
Level 1 covers fundamental safeguards through self-assessment
Level 2 requires third-party certification aligned to Canadian (CAN/CIOSC) cyber security standards
Level 3 adds the highest assurance for the most sensitive information

If you bid on or hold Government of Canada defence contracts that call for it, you must achieve the required CPCSC level to remain eligible.

Timelines vary by level and current readiness, but most organizations take several months. With the right approach, that timeline can be significantly reduced.

Mycroft supports compliance across all levels by handling policy creation, control implementation, and evidence collection, so your team isn’t burdened with execution.

We turn the CMMC nightmare into a dream

Get a free readiness assessment