Solymus helps Canadian defence suppliers organize compliance evidence, map it to CPCSC controls, and prove it is tamper-evident and assessment-ready—before the deadline, not after.
Built for CPCSC | Based on ITSP.10.171
Your CPCSC assessment is in 90 days.
The assessor needs evidence mapped to ITSP.10.171 controls. Your team is still collecting spreadsheets and screenshots from three departments.
With Solymus, you export a complete evidence package with per-artifact verification links—mapped to CPCSC controls.
DND asks for proof of Level 1 readiness.
Your contract renewal depends on demonstrating basic cyber hygiene. You need to show which controls are met and which have gaps—with evidence, not promises.
With Solymus, your readiness dashboard shows coverage by control family, and every artifact has a cryptographic receipt.
A prime contractor audits your compliance posture.
They need to verify your evidence is authentic and hasn't been modified since submission. Trust isn't enough—they need proof.
With Solymus, every piece of evidence is tamper-evident. Assessors verify independently, no login required.
Your compliance team shouldn't spend weeks assembling binders. Solymus replaces fragile paper trails with signed, verifiable evidence your CPCSC assessors can check themselves.
Solymus is a CPCSC Readiness Platform built on cryptographic receipts. Organize evidence, track gaps, prove integrity, and be assessment-ready.
Upload policies, configurations, audit logs, and screenshots. Solymus maps each artifact to CPCSC controls based on ITSP.10.171, organized by control family.
Evidence mapped to controls automatically.
Real-time dashboard shows which controls are met, which have gaps, and what remediation is needed. Filter by control family to prioritize your work.
Gaps identified, remediation tracked.
Every artifact gets a SHA-256 hash signed with AWS KMS (ECDSA P-256). Records link into a daily Merkle chain. Tamper-evident by design—retroactive changes break the chain.
Cryptographic proof, not screenshots.
Export evidence packages with a verification URL for every artifact. Assessors verify independently—no login, no trust in Solymus required.
Assessors click, verify, done.
Built on the same infrastructure used by defence contractors: SHA-256 hashing, AWS KMS ECDSA P-256 signing, daily Merkle chain linking, and tamper-evident exports.
From evidence upload to assessment-ready export. Here's the step-by-step workflow for Canadian defence suppliers.
Sign up and create a workspace. Choose your CPCSC level (Level 1 or Level 2).
Upload policies, configurations, audit logs, and scan reports. Drag-drop or use the API.
Artifacts auto-map to ITSP.10.171 controls. Override with manual tags for exact mapping.
SHA-256 hash signed with AWS KMS (ECDSA P-256). Keys never leave the HSM. Evidence linked to daily Merkle chain.
Evidence index grouped by CPCSC control, with a verification URL for every artifact. Assessors verify from the export—no login required.
Built for defence suppliers, subcontractors, compliance consultants, and MSPs preparing for CPCSC assessment.
Every artifact gets a KMS-signed receipt with SHA-256 hash. Evidence integrity is mathematical, not organizational.
Public verification API lets CPCSC assessors, primes, and auditors check any receipt themselves. No login required—verification is cryptographic, not trust-based.
Daily Merkle chain linking means retroactive changes break the chain. Gaps and modifications are automatically detectable.
Evidence packages include the receipt, signature, Merkle proof, daily root, and public key needed for offline verification. Bundles remain verifiable independently.
Primary focus on CPCSC and ITSP.10.171. CMMC support is on our roadmap for Canadian suppliers with cross-border U.S. defence contracts.
Whether you're a defence supplier, subcontractor, compliance consultant, or MSP—Solymus organizes evidence the way assessors expect to see it.
Your assessors, primes, and auditors can check any receipt independently. No login required.
SHA-256 hash + AWS KMS ECDSA P-256. Keys never leave HSM.
Third parties verify receipts via export links. Evidence bundles work offline.
Evidence packages grouped by control, with verification URLs.
Choose the plan that matches your CPCSC certification level. All prices in CAD.
An event is a single evidence record (one artifact upload or API ingest call). Active access is the period you can query evidence via API and dashboard; after that, records are archived per our retention policy. All prices in Canadian dollars (CAD).
CPCSC (Canadian Program for Cyber Security Certification) is Canada's mandatory cybersecurity certification for Department of National Defence (DND) suppliers, taking effect April 2026. It is based on ITSP.10.171, Canada's adaptation of NIST SP 800-171 Rev 3. Solymus helps you organize evidence and prove readiness before your assessment.
No. Solymus is a CPCSC-focused readiness platform that helps you organize, track, and export assessment-ready evidence. Certification is determined by your CPCSC assessor. We give you the evidence trail; you own the compliance outcome.
Yes. Export packages include the receipt, cryptographic signature, Merkle proof, daily root, and verification instructions. Your assessor verifies mathematically without calling any Solymus API. Bundles work offline.
CMMC support is on our roadmap for Canadian suppliers with cross-border U.S. defence contracts. Our primary focus is CPCSC and ITSP.10.171. Since CPCSC and CMMC share roots in NIST 800-171, evidence organized for CPCSC will also support future CMMC readiness.
Today you upload evidence manually, via API, or via the Python SDK. Connectors are in development:
We'll announce connectors when they're production-ready.
Export bundles are self-contained. They include everything needed to verify the cryptographic signatures offline. No Solymus API, account, or infrastructure required.
CPCSC is mandatory for DND suppliers starting April 2026. Start organizing your evidence and tracking your readiness today.
Solymus provides tamper-evident evidence infrastructure that supports your CPCSC readiness program. Certification outcomes depend on your assessor's evaluation. See our Terms of Service for details.