HomeITSP.10.171 ControlsAccess Control › 03.01.02
ITSP.10.171 · 03.01.02

Access Enforcement

Level 1 (Mandatory April 2026)
AC — Access Control

Control Description

Enforce approved authorizations for logical access to information and system resources.

Assessment Objective

Verify that approved authorizations for logical access to specified information and system resources are enforced in accordance with applicable access control policies.

Assessment Scope

This control includes 2 determination statements that assessors evaluate during a CPCSC assessment. Each determination must be satisfied with documented evidence to demonstrate control effectiveness.

CPCSC Context

This is one of the 13 controls required for CPCSC Level 1 self-assessment, mandatory from April 2026 for all Department of National Defence (DND) contract awards. Level 1 is a self-attestation — no third-party assessor is required.

How Solymus Helps

Solymus maps your evidence directly to ITSP 03.01.02, providing tamper-evident, KMS-signed receipts for every artifact you upload. The platform generates audit-ready evidence packages with per-artifact verification URLs that assessors can independently validate.

Level 1 is free for a limited time — start your self-assessment today and build a cryptographic evidence chain before the April 2026 deadline.

Frequently Asked Questions

What is ITSP 03.01.02 (Access Enforcement)?

ITSP 03.01.02 is a security control in the Access Control family of ITSP.10.171, Canada's adaptation of NIST SP 800-171 Rev 3. It requires organizations to enforce approved authorizations for logical access to information and system resources.

Is ITSP 03.01.02 required for CPCSC Level 1?

Yes. ITSP 03.01.02 is one of the 13 controls required for CPCSC Level 1 self-assessment, mandatory from April 2026 for all DND contract awards.

How does Solymus help with this control?

Solymus provides a structured readiness assessment for ITSP 03.01.02, tamper-evident evidence collection with KMS-signed receipts, and exportable evidence packages that map directly to this control for audit submission.

Other AC — Access Control Controls

Start Your CPCSC Readiness Assessment

Free Level 1 assessment covers 13 controls. Build your tamper-evident evidence chain today.

Start Free (Level 1)