HomeITSP.10.171 ControlsAwareness and Training › 03.02.02
ITSP.10.171 · 03.02.02

Role-Based Training

Level 2 (Required April 2027)
AT — Awareness and Training

Control Description

The Role-Based Training control (03.02.02) within the Awareness and Training family establishes requirements for Canadian defence suppliers handling controlled information under ITSP.10.171 / CPCSC.

Assessment Objective

Assessors verify that the organization has implemented and documented role-based training practices consistent with ITSP.10.171 requirements, and that evidence demonstrates ongoing control effectiveness.

CPCSC Context

This control is part of the full 97-control ITSP.10.171 baseline required for CPCSC Level 2 third-party certification, expected to be mandatory from April 2027. Organizations should begin preparing now to ensure readiness.

How Solymus Helps

Solymus maps your evidence directly to ITSP 03.02.02, providing tamper-evident, KMS-signed receipts for every artifact you upload. The platform generates audit-ready evidence packages with per-artifact verification URLs that assessors can independently validate.

Begin with free Level 1 to establish your evidence chain, then upgrade to Level 2 when you need full 97-control coverage and third-party assessment readiness.

Frequently Asked Questions

What is ITSP 03.02.02 (Role-Based Training)?

ITSP 03.02.02 is a security control in the Awareness and Training family of ITSP.10.171, Canada's adaptation of NIST SP 800-171 Rev 3. It requires organizations to the Role-Based Training control (03.02.02) within the Awareness and Training family establishes requirements for Canadian defence suppliers handling controlled information under ITSP.10.171 / CPCSC.

Is ITSP 03.02.02 required for CPCSC Level 1?

No. ITSP 03.02.02 is required at CPCSC Level 2 (third-party certification, April 2027) but is not in the Level 1 subset of 13 controls.

How does Solymus help with this control?

Solymus provides a structured readiness assessment for ITSP 03.02.02, tamper-evident evidence collection with KMS-signed receipts, and exportable evidence packages that map directly to this control for audit submission.

Other AT — Awareness and Training Controls

Start Your CPCSC Readiness Assessment

Free Level 1 assessment covers 13 controls. Build your tamper-evident evidence chain today.

Start Free (Level 1)