Solymus Blog

CPCSC compliance guides, ITSP.10.171 control breakdowns, AI governance updates, and practical advice for Canadian defence suppliers.

CPCSC Compliance

CPCSC Level 1 Is Mandatory April 2026 — What Defence Suppliers Need to Know

Starting next month, every new DND contract requires CPCSC Level 1 self-assessment at award. Here is what the 13 controls require, how the timeline unfolds, and what to do now.

March 29, 2026 · 8 min read

Coming Soon

ITSP.10.171

ITSP.10.171 Explained: Canada's 97-Control Cyber Security StandardComing Soon

A practical breakdown of the 17 control families and how they map to security practices you may already have in place.

Comparison

CPCSC vs. CMMC: A Side-by-Side Guide for Cross-Border SuppliersComing Soon

How Canada's CPCSC and the US CMMC compare — controls, timelines, assessor requirements, and what dual-compliance looks like.

AI Governance

EU AI Act + NIST AI RMF: Compliance for Defence AI SystemsComing Soon

How the EU AI Act and NIST AI Risk Management Framework apply to AI systems used in Canadian defence procurement.

Evidence

Tamper-Evident Evidence: Why Cryptographic Proof Matters for CPCSCComing Soon

How SHA-256 hashing, KMS signing, and Merkle chains create evidence that assessors and auditors can independently verify.