HomeITSP.10.171 ControlsSystem and Communications Protection › 03.13.01
ITSP.10.171 · 03.13.01

Boundary Protection

Level 1 (Mandatory April 2026)
SC — System and Communications Protection

Control Description

Monitor and control communications at external and key internal managed interfaces.

Assessment Objective

Verify that external and internal interface communications are monitored and controlled, subnetworks for publicly accessible components are separated, and external connections use managed interfaces.

Assessment Scope

This control includes 6 determination statements that assessors evaluate during a CPCSC assessment. Each determination must be satisfied with documented evidence to demonstrate control effectiveness.

CPCSC Context

This is one of the 13 controls required for CPCSC Level 1 self-assessment, mandatory from April 2026 for all Department of National Defence (DND) contract awards. Level 1 is a self-attestation — no third-party assessor is required.

How Solymus Helps

Solymus maps your evidence directly to ITSP 03.13.01, providing tamper-evident, KMS-signed receipts for every artifact you upload. The platform generates audit-ready evidence packages with per-artifact verification URLs that assessors can independently validate.

Level 1 is free for a limited time — start your self-assessment today and build a cryptographic evidence chain before the April 2026 deadline.

Frequently Asked Questions

What is ITSP 03.13.01 (Boundary Protection)?

ITSP 03.13.01 is a security control in the System and Communications Protection family of ITSP.10.171, Canada's adaptation of NIST SP 800-171 Rev 3. It requires organizations to monitor and control communications at external and key internal managed interfaces.

Is ITSP 03.13.01 required for CPCSC Level 1?

Yes. ITSP 03.13.01 is one of the 13 controls required for CPCSC Level 1 self-assessment, mandatory from April 2026 for all DND contract awards.

How does Solymus help with this control?

Solymus provides a structured readiness assessment for ITSP 03.13.01, tamper-evident evidence collection with KMS-signed receipts, and exportable evidence packages that map directly to this control for audit submission.

Other SC — System and Communications Protection Controls

Start Your CPCSC Readiness Assessment

Free Level 1 assessment covers 13 controls. Build your tamper-evident evidence chain today.

Start Free (Level 1)