Cybersecurity certification for Canadian defence suppliers.
Axontrack is a Canadian specialist consultancy helping defence suppliers achieve Canadian Program for Cyber Security Certification (CPCSC) compliance and maintain the cybersecurity posture their contracts require.
What we do
Axontrack's work centers on Canadian defence cybersecurity certification: helping suppliers achieve Canadian Program for Cyber Security Certification (CPCSC) compliance at Level 1 and Level 2, preparing dual-market suppliers for Cybersecurity Maturity Model Certification (CMMC) alignment, and providing strategic cybersecurity advisory to defence primes and government organizations. All engagements are fixed-scope with defined deliverables, scoped following an initial consultation.
Who we work with
We focus on Canadian SMEs in the defence supply chain, facing CPCSC requirements for the first time and working against contract deadlines without deep internal cybersecurity resources. Axontrack also works with security and operations leaders at Canadian defence primes and defence-technology firms that need specialist controls implementation or cybersecurity advisory beyond what their internal teams can provide. A third group is procurement and capability teams at allied defence agencies and Canadian federal departments looking for Canadian-sourced cybersecurity expertise.
In-person and remote options
Our office is located just outside downtown Vancouver.
Services
CPCSC Level 1 readiness Gap analysis and documentation support for annual self-attestation against the thirteen baseline cybersecurity requirements. For suppliers entering the defence supply chain or responding to contract requirements effective April 2026.
CPCSC Level 2 readiness and implementation Controls implementation, System Security Plan (SSP) and Plans of Action and Milestones (POA&M) documentation, and preparation for triannual third-party assessment against Information Technology Security Guidance ITSP.10.171.
CMMC Level 2 cross-mapping Integrated workstream for Canadian suppliers operating in both Canadian and United States Department of Defense markets, mapping controls across CPCSC and CMMC Level 2 to avoid duplicated compliance effort.
Advisory engagements and Strategic cybersecurity advisory for primes and defence-technology firms on vendor security assessment, policy development, and cybersecurity roadmap planning.
Why a specialist Firm
Axontrack is incorporated in Canada, Canadian-owned, and Canadian-controlled, with no foreign ownership and no exposure to United States International Traffic in Arms Regulations (ITAR). For defence suppliers building a certification-ready supply chain posture, working with a firm that is itself structured correctly matters. Axontrack is also aligned with the Digital Systems priority area of the Canadian Defence Industrial Strategy (DIS), which means the firm's work sits inside the same framework its clients are being evaluated against.
Our team has implemented National Institute of Standards and Technology Special Publication 800-53 (NIST SP 800-53) controls in United States Department of Defense (DoD) contexts and delivered multiple System and Organization Controls 2 (SOC 2) Type 2 audits with zero exceptions as an external consultant. We know what auditors look for and how to build controls and documentation that hold up under assessment. For defence suppliers who have never been through a formal certification process, that track record is essential for rapid access to the Canadian defense market.