CSA to raise cybersecurity standards for critical information infrastructure owners
27 March 2026
On 2 March 2026, the Cyber Security Agency of Singapore (“CSA”) announced that it will require critical information infrastructure (“CII”) owners (“CIIOs”), auditors conducting audits for CIIOs, and licensed cybersecurity service providers providing penetration testing and managed security operations centre monitoring services to meet the Cyber Trust Mark (“CTM”) requirements. The new measure aims to raise the baseline national cybersecurity standards of these organisations and address supply chain risks.
Singapore’s rapid digital transformation has underscored the importance of organisations, especially CIIOs and their vendors that have access to sensitive data or critical systems, adhering to a common set of standards to stay ahead of emerging cyber threats. The new measure will require all CIIOs, approved auditors conducting audits for CIIOs, and licensed cybersecurity providers to demonstrate that they meet the cybersecurity standards that match their risk profile by attaining tiered requirements under the CTM, which recognises organisations with comprehensive cybersecurity measures and practices according to their risk profile.
CIIOs will be given a two-year grace period, until end-2027, to obtain a CTM Level 5, the highest tier of the certification, for the non-CII systems under their control that support the organisation’s business operations and services. CII auditors will be given a one-year grace period, until end-2026, to obtain this mark at the organisation level for systems that support their business operations and services.
Licensed cybersecurity service providers will be required to obtain an active CTM Promoter (Tier 3) certification to ensure that they maintain an appropriate level of cyber hygiene, and will be given a grace period until 31 December 2026 to do so. CSA had sought feedback on a version of the changes to the licensing framework for licensed cybersecurity service providers in a consultation paper published on 22 September 2025.
Reference materials
The following materials are available on the CSA website www.csa.gov.sg and the website of the Ministry of Digital Development and Information www.mddi.gov.sg: