Professional Documents
Culture Documents
OVERVIEW 1 Global Cyber Landscape The global cyber landscape has changed
The speed of technology adoption An internationally-recognised The two schemes listed in this guide,
continues to accelerate for both certification mark has become a catering to different market segments, are:
work and play, with new business necessity for local developers to
models and market opportunities expand their market reach globally. Singapore Common Criteria
still being unlocked. Scheme (SCCS), for certification of
commercial IT products targeting
CSA Cybersecurity Certification
the international marketplace;
With greater digitalisation and Centre operates the following
connectivity comes increased schemes aimed at providing
National IT Evaluation Scheme
emphasis on cybersecurity. the security assurance that
(NITES), for evaluation of IT
While cybersecurity is a concern, the product has undergone products that meets high
2 it is also a market opportunity. impartial examination and testing assurance requirement for 3
Based on the IDC forecast made to ascertain that it is securely Cyber Security Agency
Singapore government agencies.
in October 2018, worldwide designed, implemented, and of Singapore (CSA) is
spending for cybersecurity is appropriate in mitigating the the national agency that
projected to reach $133.7 billion by specified security threats. Through these schemes, smaller companies, provides dedicated and
2022 1 ; and the demand for higher- who have yet to establish track records, will centralised oversight
quality and secure products will be able to demonstrate the merits of their of national cybersecurity
continue to increase. products that are benchmarked against functions including
international standards. strategy, international
policy, R&D, outreach,
system and industry
development.
1
“New IDC Spending Guide Forecasts Worldwide Spending on Security Solutions will Reach $133.7 Billion in 2022”, International
Data Corporation (IDC) Press Release, 04 October 2018, https://www.idc.com/getdoc.jsp?containerId=prUS44370418
SCHEMES
Cybersecurity Certification Guide
Common Criteria
Recognition Arrangement
➀ can apply to CSA-CCC
to have their product
evaluated under SCCS.
➄ Supports development
Recognises CSA as
Supervises evaluation of Common Criteria
CC certification body
Developers engage a
➁
of product standard CCTL approved by SCCS
➂ Requests for certification
to undergo evaluation in
➅ Issues certificate to
accordance to internationally
Common Criteria recognised standards.
Testing Laboratory
6 7
(CCTL)
➃ ➁ Approves
Evaluates Engages
as CCTL
product CCTL
➂
After the evaluation,
an assessment will be
submitted to CSA-CCC.
Common Criteria
Sponsor /Developer Testing Laboratory
(CCTL)
➆ ➀ Accredits CCTL
Provides certified Requires security
with ISO 17025
products to assurance from
If successful, CC
➃
certificate will be issued
which raises the level of
trust and assurance in
Consumer
the product.
Dirk-Jan Out Goh Eng Choon Dr. Igor Furgel Er Chiang Kai Daryl Koh
Chief Executive Officer Deputy President Head of Certification Body Chief Technology Officer Managing Director
Brightsight Cybersecurity Systems Group, T-Systems V-Key An Security
Electronics,
ST Engineering
SCHEMES
Cybersecurity Certification Guide
12 13
What’s going on? As a general consumer,
how can we better protect
In the market, a large number ourselves when we are
of devices are being sold with unable to determine if a
poor cybersecurity provisions. product is good or bad?
Hackers generally look for
the easiest systems to attack To help general consumers
that will net the most damage better protect themselves
and returns. against cyber-attacks,
Singapore is exploring a
While consumers will most labelling scheme for these
often choose the more consumer devices. Under this
secure product if available, scheme, the cybersecurity
the amount of security that labels would help to provide an
is built into these devices is indication of the level of security
not usually made known by that is embedded in the products and
the manufacturers. Thus, empower consumers to make more
consumers are unable to informed purchasing decisions. In the
make informed decisions long run, manufacturers would thus
towards purchasing more be encouraged to provide products
secure devices. with better cybersecurity provisions.
SCHEMES
Cybersecurity Certification Guide
16