Cookies help us to understand how you use our website so that we can provide you with the best experience when you are on our site. To find out more, read our privacy policy and cookie policy.
A cookie is information stored on your computer by a website you visit. Cookies often store your settings for a website, such as your preferred language or location. This allows the site to present you with information customized to fit your needs. As per the GDPR law, companies need to get your explicit approval to collect your data. Some of these cookies are ‘strictly necessary’ to provide the basic functions of the website and can not be turned off, while others if present, have the option of being turned off. Learn more about our Privacy and Cookie policies. These can be managed also from our cookie policy page.
Skip To
Page Outlines
Loading...
IE10 and below are not supported.
Contact us for any help on browser support
Consultation on discussion paper DIS-21-03, Cyber Security and the Protection of Digital Information, is open from July 7 to October 7, 2021.
Discussion papers play an important role in the selection and development of the regulatory framework and regulatory program of the Canadian Nuclear Safety Commission (CNSC). They are used to solicit early public feedback on CNSC policies or approaches.
The use of discussion papers early in the regulatory process underlines the CNSC’s commitment to a transparent consultation process.
Discussion papers are available for public comment for a specified period. At the end of the comment period, CNSC staff review all public input and will consider all feedback received from this consultation process in determining its regulatory approach.
How to Participate:
CNSC would like to hear comments from you on the questions listed in the discussion paper below. Please click on the specific question(s) you are interested in, and it will bring you to a discussion forum where you can submit your comments.
Consultation on discussion paper DIS-21-03, Cyber Security and the Protection of Digital Information, is open from July 7 to October 7, 2021.
Discussion papers play an important role in the selection and development of the regulatory framework and regulatory program of the Canadian Nuclear Safety Commission (CNSC). They are used to solicit early public feedback on CNSC policies or approaches.
The use of discussion papers early in the regulatory process underlines the CNSC’s commitment to a transparent consultation process.
Discussion papers are available for public comment for a specified period. At the end of the comment period, CNSC staff review all public input and will consider all feedback received from this consultation process in determining its regulatory approach.
How to Participate:
CNSC would like to hear comments from you on the questions listed in the discussion paper below. Please click on the specific question(s) you are interested in, and it will bring you to a discussion forum where you can submit your comments.
Do you agree with the proposed model for managing prescribed information electronically?
Could this model be used to manage all sensitive information generated by your organization?
Do you agree with the proposed manner for the identification, classification and marking of sensitive information (including prescribed information) that you manage? Why? Why not?
Please identify any impacts that would arise if the CNSC would make the suggested practices mandatory.
What specific standards or guidance have you implemented to protect the prescribed information and other sensitive information on your information systems?
Are there additional sources of guidance for protecting your information systems that would be suitable to you?
Would your organization be able to implement the example measures listed above?
What specific measures have you implemented to protect the prescribed information you are managing while not in use?
What are your thoughts concerning the examples of guidance provided?
Are there additional sources of guidance for disposal that would be suitable to reference?
1. Information
1.1 Scope
1.2 Pre-consultation activities to date
1.3 Document organization
2. Information Protection for CNSC-Licensed Activities
3. Principles of Information Protection
3.1 Definition of prescribed information
3.2 Sensitive information and sensitive information asset definitions
3.3 Information protection objectives
3.4 Information protection scope
3.5 Proposed lifecycle for information and specific considerations
3.5.1 Create phase
3.5.2 Identifying sensitive information
3.5.3 Classifying and marking sensitive information
Q1. Do you agree with the proposed model for managing prescribed information electronically?
Q2. Could this model be used to manage all sensitive information generated by your organization?
3.5.4 Using sensitive information
Q7. Would your organization be able to implement the example measures listed above?
3.5.5 Storing and disposing of sensitive information
Q9. What are your thoughts concerning the examples of guidance provided?
Q10. Are there additional sources of guidance for disposal that would be suitable to reference?
3.6 Incident response and reporting
Q12. What impacts and challenges do you foresee implementing the suggested measures?
Q13. Are there any other measures that you believe should be included?
3.7 Evaluating effectiveness and continuous improvement
4. Cyber Security for CNSC-Licensed Activities
4.1 Identifying other possible at-risk licensed activities
4.2 Proposed way forward for other possible at-risk licensees
5. Principles: Cyber Security Program, Cyber Security Measures, Graded Approach, Defence in Depth
5.1 Cyber security program
5.2 Cyber security measures
5.3 Risk-informed graded approach
5.4 Defence in depth
6. Potential Cyber Security Requirements for High-Security Sites
7. Potential Cyber Security Requirements and Guidance for Protection of Facilities (Including Research Reactors) Having Category III Nuclear Material, and Class IB Accelerators
8. Potential Cyber Security Requirements and Guidance for Nuclear Substance Licensees
8.1 Potential cyber security requirements and guidance for the protection of physical protection systems
Q19. What measures have you implemented to protect your physical security measures from cyber attack?
8.2 Potential cyber security requirements and guidance for safety, emergency preparedness and safeguards
Q23. What impacts would these potential requirements and guidance have on your licensed activities?
9. Potential Cyber Security Requirements and Guidance for Entities Who Transport or Arrange the Transport of Nuclear Material or Sealed Sources
9.1 Potential cyber security requirements and guidance for entities who transport or arrange the transport of Category I, II and III Nuclear Materials
9.2 Potential cyber security requirements and guidance for entities who transport or arrange the transport of Category 1 and 2 Sealed Sources
Appendix A: Examples of Nuclear Information and Recommended Classification Level
References
Additional Information
