HuCortex

CPCSC Readiness

Your next defence contract has a new requirement.

From summer 2026, defence suppliers without CPCSC compliance lose eligibility for a growing set of National Defence contracts. HuCortex gets you assessed, attested, and continuously compliant, with senior operators on the hook for the outcome.

Book a readiness callSee the program

No commitment. A 45-minute call with a certified HuCortex consultant.

April 2026
Level 1 is live
Summer 2026
Mandatory in select DND contracts
Spring 2027
Level 2 mandate begins
13 / 98 / 200
Controls across Levels 1, 2, and 3

What is CPCSC

Canada's mandatory cybersecurity standard for defence suppliers.

The Canadian Program for Cyber Security Certification sets the cybersecurity bar suppliers must meet to win and keep National Defence contracts. It rolls out in three levels, and the first deadlines are already here. We make readiness practical, provable, and ongoing.

Live, April 2026

Level 1

  • 13 controls, a cyber-hygiene baseline
  • Self-assessed annually
  • Self-attestation in Canada Buys before contract award
  • Mandatory in select DND contracts from summer 2026

Mandate from spring 2027

Level 2

  • 98 controls, third-party assessed
  • Valid for three years with annual affirmation
  • Requires an SCC-accredited certification body

From April 2027

Level 3

  • 200 controls, government-conducted assessments
  • For weapons systems, critical infrastructure, and Five Eyes intelligence sharing
  • Not available through private firms

How we help

Everything you need to get compliant, and stay compliant.

Readiness Assessment

We map your gaps against the 13 Level 1 and 98 Level 2 controls, and hand you a prioritized plan.

System Security Plan

We develop or review your System Security Plan so it stands up to assessment.

Level 1 Self-Attestation

Guided self-attestation and Canada Buys profile preparation, done right the first time.

Level 2 Preparation

Hands-on preparation with mock assessments, so there are no surprises on the day.

Continuous Compliance Monitoring

Our managed security service keeps your posture compliant and provable between assessments.

CMMC Bridge Advisory

For U.S. suppliers, we bridge CMMC and CPCSC so one program of work satisfies both.

Who it is for

Built for Canadian defence suppliers, especially small and mid-sized ones.

  • Aerospace and Defence
  • Defence IT
  • Engineering and Manufacturing
  • Professional Services
  • Telecommunications
  • Research and Development
  • Cybersecurity and Intelligence
  • Logistics

How we engage

From first call to ongoing compliance.

  1. 01

    Discovery call

    A 45-minute call to understand your contracts, your timeline, and your current posture.

  2. 02

    Gap assessment

    A two-week turnaround that maps you against the controls and prioritizes the work.

  3. 03

    Implementation support

    We do the work with you: policies, controls, the System Security Plan, and the evidence.

  4. 04

    Attestation and monitoring

    We get you attested or assessed, then keep you compliant with continuous monitoring.

Why HuCortex

The right partner for Canadian compliance.

  • Deep NIST and ITSP.10.171 expertise, aligned with the Canadian standard
  • Certified zero-trust architects who implement, not just advise
  • Governance built in from the start, not bolted on
  • Real-time posture monitoring between assessments
  • Focused on small and mid-sized suppliers
  • Pursuing SCC accreditation for Level 2

Start here

Find out where you stand, in 45 minutes.

Book a no-commitment readiness call with a certified HuCortex consultant, or send a note and we will come back within one business day.

Book a readiness call

The first Level 1 deadlines land in summer 2026.

Confidential. A certified consultant replies within one business day.