Compliance · Canada

Protected B Medium Medium (PBMM) baseline on Cloudgenics images in-country.

The Canadian Centre for Cyber Security publishes ITSG-33, the IT security risk management framework, with profiles including Protected B Medium-Integrity Medium-Availability (PBMM). Treasury Board policy mandates this baseline for federal cloud workloads.

About the framework

What is Canada ITSG-33 / PBMM?

Canadian federal departments, provincial and territorial governments, Crown corporations and any supplier to federal cloud-hosted programs. ITSG-33 is also widely referenced by Canadian critical infrastructure operators.

Who it applies to

Government of Canada departments, provincial agencies, Crown corporations, federal contractors, and Canadian healthcare and financial services firms aligning to government baselines.

Cloudgenics mapping

How we satisfy Canada ITSG-33 / PBMM

PBMM control profile applied at image and platform layer
Canadian region residency on every supported cloud
Cryptographic controls per ITSG-40 / CSE guidance
OPC privacy guidance integration for personal information
Evidence pack ready for CCCS / TBS reviews

Evidence model

What auditors get on day one.

Mapped control catalogue

Every Canada ITSG-33 / PBMM requirement mapped to the Cloudgenics technical controls that satisfy it, with traceability.

Continuous evidence feed

Telemetry, configuration scans and audit logs streaming into a tamper-evident evidence store with retention aligned to the framework.

Walkthrough kit

Standardised auditor walkthrough materials — diagrams, run-books and policy templates — that fast-track the assessment.