CCCS Baseline Controls Mapping
Canadian Centre for Cyber Security · Baseline Controls v1.2 · 2025-2026
The Canadian Centre for Cyber Security's Baseline Controls provide minimum security standards for Canadian organizations. The NCTA 2025-2026 names DDoS-as-a-Service as a threat category, making network monitoring and incident response controls critical. This document shows exactly which controls Flowtriq satisfies.
6 Controls Addressed · 5 Full Coverage · 1 Partial Coverage
Control Mapping
| Control | Description | How Flowtriq Addresses It | Coverage |
|---|---|---|---|
| SC-1 | Network Monitoring | Per-packet PPS/BPS monitoring on every protected server with adaptive baselines. Real-time dashboard with traffic visualizations, anomaly indicators, and historical trends. Continuous 24/7 monitoring with 10-second reporting intervals. | Full |
| SC-2 | Intrusion Detection | Automated attack classification across 8+ families (UDP flood, SYN flood, DNS amplification, NTP reflection, HTTP flood, GRE flood, ICMP flood, fragmentation). L3/L4 per-packet analysis plus L7 application-layer detection. Confidence scoring for each detected attack. IOC pattern matching against known attack tool signatures. | Full |
| IR-1 | Incident Response Plan | Attack timeline with second-by-second PPS/BPS data. Automatic PCAP capture with pre-attack buffer for forensic evidence. 12+ native alert channels (Slack, Discord, PagerDuty, OpsGenie, email, SMS, Telegram, webhook) for automated escalation. Post-incident attack reports accessible via dashboard and API. | Full |
| IR-2 | Incident Detection & Analysis | Sub-second detection latency (vs 30-60 seconds for flow-based solutions). Attack fingerprinting with protocol breakdown and source IP distribution. IOC pattern matching for known DDoS tools. Severity scoring with confidence percentages. Service port awareness distinguishes attack traffic from legitimate service traffic. | Full |
| SR-1 | System Recovery | Automated mitigation via iptables, nftables, XDP/eBPF kernel-level filtering, BGP FlowSpec, and RTBH. Auto-unban when attack subsides (configurable cooldown). Baseline recalibration after traffic pattern changes. Service port rules keep legitimate traffic flowing during mitigation. | Full |
| AU-1 | Audit Logging | Full attack event logs with timestamps, attack classification, confidence, PPS/BPS metrics, and mitigation actions taken. PCAP evidence files for forensic analysis. REST API access for SIEM integration and external log aggregation. Dashboard audit trail of all configuration changes. | Partial |
Note on AU-1 coverage: Flowtriq provides comprehensive logging for DDoS-related events, attack evidence, and mitigation actions. General-purpose audit logging (user access logs, system change audits) for non-DDoS infrastructure is outside Flowtriq's scope and should be addressed by complementary tools.
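The SC-1 and SR-1 rows describe per-window PPS monitoring against an adaptive baseline, a 10-second reporting interval, and auto-unban after a configurable cooldown. The following is an added, constructed example of those mechanics; it is not Flowtriq's code, and the smoothing factor, multiplier, floor, cooldown length and seed baseline are all assumed values chosen for illustration. The baseline is frozen while mitigation is active so that attack volume is never learned as normal, and it is recalibrated on the first post-attack window.

```python
"""Adaptive-baseline PPS detector with cooldown-based auto-unban.

Added example (constructed, not Flowtriq's code). It illustrates the ideas the
SC-1 and SR-1 rows describe: per-window PPS monitoring against an adaptive
baseline, a 10-second reporting interval, and auto-unban after a configurable
cooldown. Every parameter value below is an assumption chosen for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

WINDOW_SECONDS = 10      # reporting interval (matches the SC-1 row)
ALPHA = 0.2              # EWMA smoothing factor for the baseline (assumption)
MULTIPLIER = 5.0         # alert when window PPS exceeds MULTIPLIER x baseline (assumption)
FLOOR_PPS = 5_000.0      # absolute floor so a tiny baseline cannot alert on noise (assumption)
COOLDOWN_WINDOWS = 3     # quiet windows required before auto-unban (assumption)


def windows_from_per_second(per_second: List[int]) -> List[float]:
    """Average per-second packet counts into WINDOW_SECONDS-wide PPS samples.

    A trailing partial window is dropped so every sample covers a full interval.
    """
    full = len(per_second) - len(per_second) % WINDOW_SECONDS
    return [
        sum(per_second[i:i + WINDOW_SECONDS]) / WINDOW_SECONDS
        for i in range(0, full, WINDOW_SECONDS)
    ]


@dataclass
class AdaptiveDetector:
    baseline: float = 1_000.0          # seed baseline in PPS (assumption)
    mitigating: bool = False           # True while a ban/mitigation is in force
    quiet_windows: int = 0             # consecutive below-threshold windows during cooldown
    events: List[Tuple[int, str, float]] = field(default_factory=list)

    def threshold(self) -> float:
        return max(self.baseline * MULTIPLIER, FLOOR_PPS)

    def observe(self, index: int, pps: float) -> str:
        """Feed one window; return the state decided for it."""
        above = pps > self.threshold()
        if not self.mitigating:
            if above:
                # Ban: enter mitigation and freeze the baseline so the attack
                # volume is never learned as "normal".
                self.mitigating = True
                self.quiet_windows = 0
                self.events.append((index, "ban", pps))
                return "ban"
            self.baseline = (1 - ALPHA) * self.baseline + ALPHA * pps
            return "normal"
        if above:
            self.quiet_windows = 0        # attack still running: restart the cooldown
            return "mitigating"
        self.quiet_windows += 1
        if self.quiet_windows < COOLDOWN_WINDOWS:
            return "cooldown"
        # Auto-unban after the cooldown, then recalibrate the baseline on
        # the first post-attack window.
        self.mitigating = False
        self.quiet_windows = 0
        self.events.append((index, "unban", pps))
        self.baseline = (1 - ALPHA) * self.baseline + ALPHA * pps
        return "unban"


def simulate(per_second: List[int]) -> Tuple[List[str], List[Tuple[int, str, float]]]:
    """Run the detector over per-second counts; return per-window states and ban/unban events."""
    det = AdaptiveDetector()
    states = [det.observe(i, pps) for i, pps in enumerate(windows_from_per_second(per_second))]
    return states, det.events


# Constructed traffic trace: 60 s steady at 1,000 pps, a 30 s flood at 60,000 pps,
# then 40 s back at 1,100 pps. Thirteen full 10-second windows in total.
SAMPLE_TRACE = [1_000] * 60 + [60_000] * 30 + [1_100] * 40

if __name__ == "__main__":
    states, events = simulate(SAMPLE_TRACE)
    for i, s in enumerate(states):
        print(f"window {i:2d}: {s}")
    print("events:", events)
```

Running the script on the constructed trace bans at window 6, stays in mitigation for the two following flood windows, counts two quiet cooldown windows, unbans at window 11, and is back to normal with a recalibrated baseline at window 12. Real deployments would replace the constant-rate trace with live counters and tune the assumed parameters per service.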
Relevance to Canadian Organizations
NCTA 2025-2026 Context: The Canadian Centre for Cyber Security's National Cyber Threat Assessment explicitly calls out DDoS-as-a-Service as a named threat category. The proliferation of booter/stresser services means that any internet-facing Canadian organization is a potential target. CCCS Baseline Controls SC-1, SC-2, IR-1, and IR-2 directly address the detection and response capabilities needed to handle these threats.
Government RFPs: Canadian government procurement and federal RFPs increasingly reference CCCS Baseline Controls. Having a published compliance mapping demonstrates that your DDoS detection platform has been evaluated against these standards, simplifying the vendor assessment process.
Cover every CCCS baseline control
Deploy Flowtriq on your servers and satisfy SC-1, SC-2, IR-1, IR-2, and SR-1 out of the box.