Cybersecurity Labelling Scheme (CLS)
For Manufacturers  


Mutual Recognition with Finland

Level 3 and Level 4 applications for consumer connected products may be granted both the Cybersecurity Labelling Scheme label and the Finnish Cybersecurity Label at once, with a single application process.

Cybersecurity Levels & Assessment Tiers

The CLS comprises four cybersecurity levels, corresponding to the number of asterisks on the label, as well as the highest assessment tier that the product has successfully completed.

There are four different tiers of assessment. Each assessment tier, to be completed in sequence, reflects the product's increasing resistance to the basic attacks it may commonly be subjected to.

CLS Levels


For example, manufacturers may choose to have the product rated at CLS Level 3 (three asterisks), and hence have the product undergo assessments at Tiers 1, 2, and 3.

Tier 1: Security Baseline Requirements

Manufacturers should meet a set of baseline security requirements in their devices, based on ETSI EN 303 645[1]: eliminating ‘common mistakes’ such as default passwords to guard against the majority of attacks that rely on common weaknesses, ensuring the availability of security updates, and implementing a means to manage vulnerability reporting.

Tier 2: Lifecycle Requirements

Manufacturers should build security considerations, based on the IMDA IoT Cyber Security Guide[2], into the development lifecycle of the connected device, adopting security best practices (threat modelling, a secure engineering approach, a secure supply chain, security testing, etc.) to ensure security in the device.

Tier 3: Software Binary Analysis

The software of the connected device is evaluated by a test laboratory using automated binary analysers to ensure that there are no known critical software weaknesses, vulnerabilities or malware.

Tier 4: Penetration Testing

The connected device undergoes penetration testing by a test laboratory to provide a basic level of resistance against common cybersecurity attacks.

CLS Publications

Please right-click on the links below to download the respective publications:

If you are interested in receiving notifications on the release of new/updated publications, please email us at to sign up for our mailing list.

Approved Labs

To access the list of CLS-approved laboratories, click here.

[1] Cyber Security for Consumer Internet of Things: Baseline Requirements, ETSI EN 303 645, outlines 14 broad security provisions and seeks to address the most common security problems.
[2] IMDA IoT Cyber Security Guide, March 2020. The guide seeks to provide baseline recommendations, foundational concepts for IoT.