Ontario Cyber Security Framework

The Ontario Cyber Security Framework (OCSF) is used by electricity transmitters and distributors to assess and report their cyber security capabilities to the OEB.

The OCSF is based upon the US Department of Commerce’s National Institute of Standards and Technology (NIST) cyber security framework. It has also adopted the US Department of Energy’s Cyber Security Capability Model, using four maturity indicators to establish achievement levels.

The OCSF integrates privacy principles, including those contained in Canada’s Personal Information Protection and Electronic Documents Act.

Last revised
December 7, 2023

Latest version: Ontario Cyber Security Framework (OCSF) v 1.1


In 2016, the OEB tasked a group of industry leaders and operational experts representing transmitters, distributors and other key stakeholders, with developing the first OCSF (version 1.0), which was released in 2017.

In 2018, the Cyber Security Advisory Committee, an industry-led committee consisting of representatives of Ontario's electricity utilities and other stakeholders, was established. Its purpose is to provide the OEB with expert advice while also maintaining and evolving the OCSF.

On December 7, 2023, the CSAC released version 1.1 of the OCSF.

Related documents