Guidelines

Overview

The Guidelines page is where you manage and assign the technical work instructions (technical controls) that must be implemented across your assets.

Accessing the Guidelines Page

Go to app.maplegrc.com.
Log in with your account credentials.
From the homepage, navigate to the Detection Guideline page and Protection Guideline page.

Before you begin

The technical controls on this page are automatically generated based on your organization’s software asset list and the latest requirements outlined in the CyberSecure Canada framework.

Before working with the Guidelines page, make sure to follow these steps:

Verify your Asset Inventory
Ensure that all assets are added to your Asset Inventory. When you open the Guidelines page, you will see a list of assets already pulled from your inventory.

Workflow Steps to Follow

View applicable controls
Under each asset, Expand any asset to reveal its applicable technical controls (e.g., Least Privilege, System Backup, Multi-Factor Authentication).

2. Generate procedures if needed
If you don’t see newly added assets, click Generate Procedures. This action re-analyzes your inventory and generates the relevant guidelines so they appear on the page.

3. Refresh and review
After refreshing, your updated list of assets will appear.

Filter

At the top of the page you can filter when you need focus:

By criticality — focus only on critical systems.
By regulation — for example, select Cybersecure Canada to see each control’s mapped control ID from that framework.

When CyberSecure Canada filter is applied, each technical control displays a control ID directly from the Cybersecure Canada framework.

Work With a Control (Step-by-Step)

Open the control
- Click the control ID (when filtering by CyberSecure Canada) or the control name to open its step-by-step implementation guide tailored to that control and the specific asset.

2. Review the guide contents
Inside the guide you’ll find:

- Description of the control
- How to audit it
- Exact steps to implement it

3. Set status & due date

- Update the control’s status: Not Started, In Progress, On Hold, or Implemented.
- Assign a due date for implementation.

4. Assign an owner

- Assign the control to a team member (e.g., IT) or an external vendor.
- Click Save. The status updates automatically and the assignee’s name appears in the members list.

5. Upload evidence (after implementation), Click the “Evidence” button

You will be given the option to either upload an attachment from your existing company profile files or add a new file.

If you choose to upload from existing files, a list of all previously generated or uploaded files in your company profile will be displayed.
Select the desired file from the list

Click Add new File to upload a file from your computer.
From the Tag dropdown, choose one of: Policy, Procedure, Record, Checklist, or Other (specify).
Then, Click Upload Files

How This Page Works

Click the How This Page button to watch a short demo video that walks you through the page step by step.

Why Guidelines Matter

The Guidelines page helps you implement the technical controls required by CyberSecure Canada, For example (Quoted from CyberSecure Canada framework):

Section 5.2 is about enabling automatic updates to keep your software patched and secure.
Section 5.3 requires antivirus or security software.
Section 5.4 focuses on secure device configuration.
Section 5.5 covers strong passwords and multi-factor authentication.
Section 5.6 requires you to back up and encrypt your data.
Section 5.7 is all about network protections, like firewalls or VPNs.
Section 5.8 ensures you control who has access to your systems.

By completing all the steps on this page, you ensure that your organization is meeting all the applicable requirements from CyberSecure Canada—and staying on track for certification.

Page updated

Report abuse