CSA Certification

by

The Cyber Security Agency of Singapore (CSA) launched a new cybersecurity certification programme to recognise enterprises that have adopted and implemented good cybersecurity practices. The certification programme comprises two cybersecurity marks:  Cyber Essentials recognises enterprises that have put in place cyber hygiene measures, while Cyber Trust is a mark of distinction to recognise enterprises with comprehensive cybersecurity measures and practices. Mr Tan Kiat How, Minister of State for Communications and Information, announced the launch of the certification programme this afternoon at Marina Bay Sands Convention Centre.

2 Cyber Essentials is targeted at Small and Medium Enterprises (SMEs) – which tend to have limited IT and/or cybersecurity expertise and resources – and helps them prioritise the baseline cybersecurity measures needed to safeguard their systems and operations from common cyber-attacks. Cyber Trust, on the other hand, is targeted at larger or more digitalised enterprises – such as Multinational Corporations (MNCs) – as these enterprises are likely to have higher risk levels which require them to invest in significant expertise and resources to manage and protect their IT infrastructure and systems. The marks do not certify the cybersecurity of specific products or services, but rather, they certify the cybersecurity measures adopted at the organisation level. Please refer to the factsheet in Annex A for more information on Cyber Essentials and Cyber Trust.

3 CSA developed these marks in consultation with industry partners such as certification practitioners, technology providers and trade associations, taking into consideration the diverse organisational profiles and operational needs of enterprises in Singapore.  CSA worked with various companies to pilot the framework for the Cyber Trust and Essentials. These companies – from a myriad of sectors – include Andersen’s of Denmark Ice Cream, CrimsonLogic, IBM, Kestrel Aero and Lazada Singapore. CSA worked with these partners to “road-test” the certification requirements and provide feedback to CSA on the certification process. Please refer to Annex B for Quotes from the pilot users.

4 For a start, CSA has appointed eight independent certification bodies for enterprises applying for either Cyber Essentials or Cyber Trust. While these marks are not mandatory, CSA will work with its industry partners, such as Trade Associations and Chambers (TACs), to encourage their adoption. 

5 “CSA’s cybersecurity certification scheme for enterprises is a timely introduction to the market. Supply chain cyber-attacks will continue to proliferate in the digital space, and in time to come, companies could be required to demonstrate their cybersecurity posture when they conduct business as a way of providing greater assurance to their customers. Having the certification reflects the company’s commitment to ensure that they remain cyber-secure, giving them an edge over their competitors,” said Mr. David Koh, Chief Executive of CSA. 

6 To support enterprises in their journey to adopt cybersecurity and attain certification, CSA has developed a toolkit for IT teams and curated an initial ecosystem of partners with product and service offerings that can help enterprises address requirements of the marks. The toolkit for IT teams is part of CSA’s suite of cybersecurity toolkits targeted at key enterprise stakeholders that was launched in October 2021. It comprises resources that enterprises can use to prepare for cybersecurity certification, such as templates for tracking information assets. The ecosystem of partners with relevant products or services offers a range of solutions that enterprises may take up to address requirements of the marks.

7 Also complementing the rollout of the SG Cyber Safe Cyber Trust and Essentials is the ongoing development of a Technical Reference (TR) on Tiered Cybersecurity Standards for Enterprises to support the certification scheme. Led by CSA and the Singapore Standards Council (SSC), which is overseen by Enterprise Singapore and supported by the Infocomm Media Development Authority (IMDA), the TR development is being done in consultation with stakeholders from trade associations, technology providers and certification bodies.

8 The TR will provide tiered cybersecurity measures, such as establishing a process to protect sensitive data, installing anti-malware solutions and protecting backups from authorised access, to address the different risk profiles of enterprises. The tiered measures take into consideration the diverse operational needs and organisational profiles in Singapore. The use of the new TR, together with CSA’s certification scheme, will help protect IT assets, personal data and raise the cybersecurity preparedness levels in organisations. The TR is expected to be published in the second quarter of 2022.

Cybersecurity Certification Centre

About the Cybersecurity Certification Centre (CCC)
The Cybersecurity Certification Centre (CCC) focuses on the evaluation, certification and labelling of cybersecurity products. CCC operates three schemes aimed at providing the security assurance that the product has undergone impartial examination and testing to ascertain that it is securely designed, implemented, and appropriate in mitigating the specified security threats. 
Singapore Common Criteria SchemeSingapore Common Criteria Scheme (SCCS)
The certification of commercial IT products targeting the international marketplace.  Cybersecurity Labelling SchemeCybersecurity Labelling Scheme (CLS) 

The labelling of network-connected consumer smart devices, to enable consumers to discern the security levels in the devices and make more informed purchase decisions.

NITESNational IT Evaluation Scheme (NITES) 
The evaluation and certification of IT products that meets high assurance requirement for Singapore government agencies. 

National Integrated Centre for Evaluation (NiCE) 

A Memorandum of Agreement between the CSA and NTU was signed to establish the National Integrated Centre for Evaluation (NiCE) in 2019 and launched by Minister Josephine Teo on 18th May 2022. NiCE, equipped with advanced evaluation tools, equipment and capabilities, is set up to a one-stop centre for Evaluation, Research and Education for product security. The centre aims to seed a community of practice, grow a vibrant and sustainable Testing, Inspection, Certification (TIC) industry for cybersecurity, and build a pipeline of local talent in product evaluation.

###

About the Cyber Security Agency of Singapore 

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes.

CSA is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. For more news and information, please visit www.csa.gov.sg.

For media enquiries, please contact:

Tan Boon Leng
Senior Assistant Director, Comms and Engagement Office
Email: Tan_Boon_Leng@csa.gov.sg

Elaine Lim
Senior Manager, Comms and Engagement Office
Email: Elaine_Lim@csa.gov.sg

Related Posts

Related Articles: