What the Checklist Covers
This checklist walks you through the full CPCSC readiness process, from defining your system boundary to sustaining controls between assessments. If you’re preparing for Level 1 self-attestation it helps your team identify gaps, organize documentation, and map evidence against the 320+ assessment objectives assessors use to evaluate your program.
Who Should Use This Checklist
This checklist is designed for IT, security, and compliance professionals at Canadian businesses supplying goods or services to the Department of National Defence. It’s useful whether you’re starting your first gap assessment, preparing evidence for a Level 2 assessor, or confirming your controls are holding up between certification cycles.
If your organization handles Specified Information and hasn’t yet confirmed your CPCSC tier or started scoping your system boundary, this is the right place to start.
Why It Matters
CPCSC certification is now a contract requirement for National Defence suppliers, with Level 1 self-attestation mandatory at contract award from April 2026. A self-attestation submitted without adequate evidence is a compliance risk, not a formality. This checklist helps you operationalize your controls, collect the right evidence the first time, and demonstrate readiness with confidence rather than scrambling when a contract opportunity arrives.
What You Get
The download includes a plain-language checklist covering all six CPCSC control areas, specific evidence examples for each requirement, a pre-formatted evidence register mapping each of the 97 ITSP.10.171 controls to your documentation, and a six-month readiness timeline from initial gap assessment to Level 1 self-attestation.
Share
