Control Description
Identify and authenticate devices before establishing connections.
Assessment Objective
Verify that specified devices are uniquely identified and authenticated before establishing a system connection.
Assessment Scope
This control includes 2 determination statements that assessors evaluate during a CPCSC assessment. Each determination must be satisfied with documented evidence to demonstrate control effectiveness.
CPCSC Context
This is one of the 13 controls required for CPCSC Level 1 self-assessment, mandatory from April 2026 for all Department of National Defence (DND) contract awards. Level 1 is a self-attestation — no third-party assessor is required.
How Solymus Helps
Solymus maps your evidence directly to ITSP 03.05.02, providing tamper-evident, KMS-signed receipts for every artifact you upload. The platform generates audit-ready evidence packages with per-artifact verification URLs that assessors can independently validate.
Level 1 is free for a limited time — start your self-assessment today and build a cryptographic evidence chain before the April 2026 deadline.
Frequently Asked Questions
What is ITSP 03.05.02 (Device Identification and Authentication)?
ITSP 03.05.02 is a security control in the Identification and Authentication family of ITSP.10.171, Canada's adaptation of NIST SP 800-171 Rev 3. It requires organizations to identify and authenticate devices before establishing connections.
Is ITSP 03.05.02 required for CPCSC Level 1?
Yes. ITSP 03.05.02 is one of the 13 controls required for CPCSC Level 1 self-assessment, mandatory from April 2026 for all DND contract awards.
How does Solymus help with this control?
Solymus provides a structured readiness assessment for ITSP 03.05.02, tamper-evident evidence collection with KMS-signed receipts, and exportable evidence packages that map directly to this control for audit submission.
Start Your CPCSC Readiness Assessment
Free Level 1 assessment covers 13 controls. Build your tamper-evident evidence chain today.
Start Free (Level 1)