HomeITSP.10.171 ControlsSystem and Information Integrity › 03.14.01
ITSP.10.171 · 03.14.01

Flaw Remediation

Level 1 (Mandatory April 2026)
SI — System and Information Integrity

Control Description

Identify, report, and correct system flaws in a timely manner.

Assessment Objective

Verify that system flaws are identified, reported, corrected, and that security-relevant software and firmware updates are installed within defined time periods.

Assessment Scope

This control includes 5 determination statements that assessors evaluate during a CPCSC assessment. Each determination must be satisfied with documented evidence to demonstrate control effectiveness.

CPCSC Context

This is one of the 13 controls required for CPCSC Level 1 self-assessment, mandatory from April 2026 for all Department of National Defence (DND) contract awards. Level 1 is a self-attestation — no third-party assessor is required.

How Solymus Helps

Solymus maps your evidence directly to ITSP 03.14.01, providing tamper-evident, KMS-signed receipts for every artifact you upload. The platform generates audit-ready evidence packages with per-artifact verification URLs that assessors can independently validate.

Level 1 is free for a limited time — start your self-assessment today and build a cryptographic evidence chain before the April 2026 deadline.

Frequently Asked Questions

What is ITSP 03.14.01 (Flaw Remediation)?

ITSP 03.14.01 is a security control in the System and Information Integrity family of ITSP.10.171, Canada's adaptation of NIST SP 800-171 Rev 3. It requires organizations to identify, report, and correct system flaws in a timely manner.

Is ITSP 03.14.01 required for CPCSC Level 1?

Yes. ITSP 03.14.01 is one of the 13 controls required for CPCSC Level 1 self-assessment, mandatory from April 2026 for all DND contract awards.

How does Solymus help with this control?

Solymus provides a structured readiness assessment for ITSP 03.14.01, tamper-evident evidence collection with KMS-signed receipts, and exportable evidence packages that map directly to this control for audit submission.

Other SI — System and Information Integrity Controls

Start Your CPCSC Readiness Assessment

Free Level 1 assessment covers 13 controls. Build your tamper-evident evidence chain today.

Start Free (Level 1)