Updates

• CLS(IoT) Testing Laboratories (TLs) have been approved to perform the review of the declaration of conformity for all CLS(IoT) levels. This means that, starting from 22 September 2023, developers and manufacturers can now engage CLS(IoT) TLs to perform the review of the declaration of conformity. More information on this can be found on the CLS(IoT) publications page.
• A new CLS(IoT) publication, CCC SP-151-4 CLS(IoT) Assessment Methodology v1.0 has been released. This document was developed to provide clarifications on the requirements of each security provision. It also specifies what is required of the IoT device to fulfill each security provision and provides elaborations on what an assessor should look for in the evidence to determine if they are fulfilled.
• The CLS(IoT) application process has been completely onboarded to the GoBusiness Portal. This allows us to streamline the application intake process and allows manufacturers/developers to make payment directly on the site, further reducing the time needed project lead times.
• The documents required for submission of CLS(IoT) applications have been revised. The original CLS(IoT) Conformity Checklist will now be replaced with a Declaration of Conformity and CLS(IoT) – Company – Supporting v1.0.
• The binary scan conducted as a requirement of CLS(IoT) Level 3 and Level 4 has been revised. The developer and the testing laboratory must now ensure that all known vulnerabilities in the device's software components are accounted for, along with the components declared in the Software Bill of Materials (SBOM). More information on this can be found in the CCC SP-151-2 CLS(IoT) Scheme Specifications v1.3 publication. 

The Cybersecurity Labelling Scheme requirements have been revised on 20 Oct 2022 and will take effect immediately.

The following changes have been made:

• Level 2 of the CLS has been revised and manufacturers are required to ensure adherence to a set of International Standard (currently based on all mandatory requirements found within the ETSI 303 645) for devices.
  
• Level 3 of the CLS has been revised and manufacturers are required to include security considerations into the development lifecycle of the device and adopt security best practices to ensure security in the device. In addition, software has to be evaluated by a test laboratory using automated binary analysers to ensure no known critical software weakness, vulnerabilities, or malware.

Level 1 and Level 4 applications are unaffected by the changes.

The revised CLS publications are available at here. For clarifications on the revised requirements, please reach out to cls_iot@csa.gov.sg.

- Updated on 20 October 2022

CLS extended to all categories of consumer IoT devices

CSA is extending the CLS to all categories of consumer IoT devices, such as IP cameras, smart door locks, smart lights and smart printers. For information on registration, please refer to For Manufacturers.

- Updated on 21 Jan 2021

Launch of Technical Specifications for Residential Gateways (“RG”) 

The Infocomm Media Development Authority (“IMDA”) launched the finalised Technical Specifications for Residential Gateways (“RG”) on 12 Oct 2020 to help enhance security requirements for new home routers sold in Singapore.

Wi-Fi home routers which comply with IMDA’s specifications qualify for Level 1 of the Cyber Security Agency of Singapore’s Cybersecurity Labelling Scheme (CLS).

While users do not need to change their existing home routers, they are encouraged to purchase those which are compliant with IMDA’s cybersecurity requirements when they next upgrade their devices. They are also advised to update their firmware regularly.

For more information, please refer to IMDA's Media Release.

- Posted on 12 Oct 2020

Launch of Cybersecurity Labelling Scheme (CLS)

CSA has launched the Cybersecurity Labelling Scheme (CLS) today. The CLS, a first in the Asia-Pacific, will provide different cybersecurity rating levels for registered smart devices. This will help consumers easily assess the level of security offered and make informed choices in purchasing a device. For more information, please refer to the Media Factsheet. 

- Posted on 7 Oct 2020

Archived Updates

CLS Industry Briefing

CSA is conducting a virtual briefing on the CLS and its application process on 30 October 2020 (Friday), 1pm to 2.30pm. We would like to invite interested manufacturers/developers of network-connected smart devices to sign up for the briefing.

The virtual briefing has been concluded. For enquiries, please write to us at cls_iot@csa.gov.sg.

- Posted on 28 Oct 2020

Cybersecurity Labelling Scheme (CLS) Fee Waiver

To encourage adoption of the scheme, CSA has waived the application fees for the CLS until 6 Oct 2021. To apply, visit https://www.go.gov.sg/cls-reg.

- Posted on 7 Oct 2020