Baseline Cyber Security Controls for Small and Medium Organizations

CAN/CIOSC 104: 2021

What this Standard Covers

This Standard specifies a minimum set of cyber security controls intended for small and medium organizations, which typically have less than 500 employees. 

About this Standard

Edition

FIRST

Year Published

2021

Intended for Conformity Assessment?

Yes

Comment on this standard

Drafts available for public review appear below

Draft number: D2
Date posted: 2024-03-07
Comments due by: 2024-03-28

Download This Standard

Our standards are always free for non-commercial use.

Note that all standards published before January 30, 2023 remain valid and designated CIOSC under the authority of the CIO Strategy Council. These standards when updated as new editions will be published by the Digital Governance Standards Institute. 

An interpretation has been added to this standard to clarify the meaning of a term used

HT Mega Addons

Current Status

Standard Proposed

In Development

Published

Annual Maintenance

This standard is subject to technical committee review beginning no later than one year from the date of publication. The completion of the review may result in a new edition, revision, reaffirmation or withdrawal of the standard. 

Looking for a different standard?

See all standards currently in development or undergoing maintenance in our full Work Program

Scroll to Top

This website uses cookies to improve your experience. By using our website you agree to our Cookie Policy

This website uses cookies to improve your experience. By using our website you agree to our Cookie Policy