HomeITSP.10.171 ControlsIdentification and Authentication › 03.05.01
ITSP.10.171 · 03.05.01

User Identification, Authentication, and Re-authentication

Level 1 (Mandatory April 2026)
IA — Identification and Authentication

Control Description

Uniquely identify and authenticate system users, and re-authenticate when required.

Assessment Objective

Verify that users are uniquely identified, authenticated, processes are associated with authenticated users, and re-authentication occurs when required.

Assessment Scope

This control includes 4 determination statements that assessors evaluate during a CPCSC assessment. Each determination must be satisfied with documented evidence to demonstrate control effectiveness.

CPCSC Context

This is one of the 13 controls required for CPCSC Level 1 self-assessment, mandatory from April 2026 for all Department of National Defence (DND) contract awards. Level 1 is a self-attestation — no third-party assessor is required.

How Solymus Helps

Solymus maps your evidence directly to ITSP 03.05.01, providing tamper-evident, KMS-signed receipts for every artifact you upload. The platform generates audit-ready evidence packages with per-artifact verification URLs that assessors can independently validate.

Level 1 is free for a limited time — start your self-assessment today and build a cryptographic evidence chain before the April 2026 deadline.

Frequently Asked Questions

What is ITSP 03.05.01 (User Identification, Authentication, and Re-authentication)?

ITSP 03.05.01 is a security control in the Identification and Authentication family of ITSP.10.171, Canada's adaptation of NIST SP 800-171 Rev 3. It requires organizations to uniquely identify and authenticate system users, and re-authenticate when required.

Is ITSP 03.05.01 required for CPCSC Level 1?

Yes. ITSP 03.05.01 is one of the 13 controls required for CPCSC Level 1 self-assessment, mandatory from April 2026 for all DND contract awards.

How does Solymus help with this control?

Solymus provides a structured readiness assessment for ITSP 03.05.01, tamper-evident evidence collection with KMS-signed receipts, and exportable evidence packages that map directly to this control for audit submission.

Other IA — Identification and Authentication Controls

Start Your CPCSC Readiness Assessment

Free Level 1 assessment covers 13 controls. Build your tamper-evident evidence chain today.

Start Free (Level 1)