\n<\/p>\n
In a media factsheet, CSA said it will require CIIOs, auditors conducting audits for CIIOs, as well as licensed cybersecurity service providers providing penetration testing and managed security operations centre monitoring services, to meet Cyber Trust Mark (CTM) requirements.<\/p>\n
The CTM serves as a mark of distinction for organisations to prove that they have put in place good cybersecurity practices and measures that are commensurate with their cybersecurity risk profile.\u00a0<\/p>\n
There are five cybersecurity preparedness tiers, with 10 to 22 domains under each tier.\u00a0<\/p>\n
Currently, CIIOs are required to adhere to higher standards set out in the Cybersecurity Code of Practice for their CII systems.\u00a0<\/span><\/p>\n The new requirement for CIIOs to meet CTM Level 5 \u2013 the highest tier of certification \u2013 is meant for non-CII systems owned by the CIIOs. <\/span>They will be given until the end of 2027 to obtain this certification.<\/p>\n CII auditors will be given until the end of 2026 to obtain this mark at the organisation level for systems that support its business operations or services.<\/p>\n \u201cWith Singapore\u2019s rapid digital transformation, many businesses are becoming increasingly reliant on technology,\u201d said CSA and IMDA.<\/p>\n \u201cIt is important for organisations, especially CIIOs and their vendors that have access to sensitive data or critical systems, to adhere to a common set of standards to stay ahead of emerging cyber threats.\u201d<\/p>\n The authorities will do more to protect citizens against malicious actors, said Mr Tan.<\/p>\n For one, it will ensure that the digital products that are sold in Singapore have “baseline security safeguards” that make them harder to be compromised, he added.<\/p>\n Currently, all residential routers sold in Singapore must meet CLS level 1 requirements, such as having unique default passwords, vulnerability management processes and keeping software updated.<\/p>\n While CLS Level 1 provides basic protections, the evolving cyber threat landscape requires more robust defences, said CSA and IMDA in a factsheet.<\/p>\n \u201cCurrent Level 1 requirements, while addressing fundamental vulnerabilities, are insufficient against more sophisticated attacks that exploit weaknesses in data encryption, authentication mechanisms, and secure storage,\u201d added the authorities.<\/p>\n \u200b\u200bLast year, Singapore took part in a global operation, where it was found that attackers infected over 2,700 Singapore devices, including routers.<\/p>\n<\/div>\n