29 Mar 2022
CSA LAUNCHES NEW CYBERSECURITY CERTIFICATION PROGRAMME TO RECOGNISE ENTERPRISES WITH GOOD CYBERSECURITY PRACTICES
The Cyber Security Agency of Singapore (CSA) today launched a new cybersecurity certification programme to recognise enterprises that have adopted and implemented good cybersecurity practices. The certification programme comprises two cybersecurity marks: Cyber Essentials recognises enterprises that have put in place cyber hygiene measures, while Cyber Trust is a mark of distinction to recognise enterprises with comprehensive cybersecurity measures and practices. Mr Tan Kiat How, Minister of State for Communications and Information, announced the launch of the certification programme this afternoon at Marina Bay Sands Convention Centre.
2 Cyber Essentials is targeted at Small and Medium Enterprises (SMEs) - which tend to have limited IT and/or cybersecurity expertise and resources – and helps them prioritise the baseline cybersecurity measures needed to safeguard their systems and operations from common cyber-attacks. Cyber Trust, on the other hand, is targeted at larger or more digitalised enterprises - such as Multinational Corporations (MNCs) – as these enterprises are likely to have higher risk levels which require them to invest in significant expertise and resources to manage and protect their IT infrastructure and systems. The marks do not certify the cybersecurity of specific products or services, but rather, they certify the cybersecurity measures adopted at the organisation level. Please refer to the factsheet in Annex A for more information on Cyber Essentials and Cyber Trust.
3 CSA developed these marks in consultation with industry partners such as certification practitioners, technology providers and trade associations, taking into consideration the diverse organisational profiles and operational needs of enterprises in Singapore. CSA worked with various companies to pilot the framework for the Cyber Trust and Essentials. These companies – from a myriad of sectors - include Andersen’s of Denmark Ice Cream, CrimsonLogic, IBM, Kestrel Aero and Lazada Singapore. CSA worked with these partners to “road-test” the certification requirements and provide feedback to CSA on the certification process. Please refer to Annex B for Quotes from the pilot users.
4 For a start, CSA has appointed eight independent certification bodies for enterprises applying for either Cyber Essentials or Cyber Trust. While these marks are not mandatory, CSA will work with its industry partners, such as Trade Associations and Chambers (TACs), to encourage their adoption.
5 “CSA’s cybersecurity certification scheme for enterprises is a timely introduction to the market. Supply chain cyber-attacks will continue to proliferate in the digital space, and in time to come, companies could be required to demonstrate their cybersecurity posture when they conduct business as a way of providing greater assurance to their customers. Having the certification reflects the company’s commitment to ensure that they remain cyber-secure, giving them an edge over their competitors,” said Mr. David Koh, Chief Executive of CSA.
6 To support enterprises in their journey to adopt cybersecurity and attain certification, CSA has developed a toolkit for IT teams and curated an initial ecosystem of partners with product and service offerings that can help enterprises address requirements of the marks. The toolkit for IT teams is part of CSA’s suite of cybersecurity toolkits targeted at key enterprise stakeholders that was launched in October 2021. It comprises resources that enterprises can use to prepare for cybersecurity certification, such as templates for tracking information assets. The ecosystem of partners with relevant products or services offers a range of solutions that enterprises may take up to address requirements of the marks.
7 Also complementing the rollout of the SG Cyber Safe Cyber Trust and Essentials is the ongoing development of a Technical Reference (TR) on Tiered Cybersecurity Standards for Enterprises to support the certification scheme. Led by CSA and the Singapore Standards Council (SSC), which is overseen by Enterprise Singapore and supported by the Infocomm Media Development Authority (IMDA), the TR development is being done in consultation with stakeholders from trade associations, technology providers and certification bodies.
8 The TR will provide tiered cybersecurity measures, such as establishing a process to protect sensitive data, installing anti-malware solutions and protecting backups from authorised access, to address the different risk profiles of enterprises. The tiered measures take into consideration the diverse operational needs and organisational profiles in Singapore. The use of the new TR, together with CSA’s certification scheme, will help protect IT assets, personal data and raise the cybersecurity preparedness levels in organisations. The TR is expected to be published in the second quarter of 2022.
About the Cyber Security Agency of Singapore
Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes.
CSA is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. For more news and information, please visit www.csa.gov.sg.
For media enquiries, please contact:
Tan Boon Leng
Senior Assistant Director, Comms and Engagement Office
Senior Manager, Comms and Engagement Office