Singapore considers cybersecurity requirements for vendors with access to sensitive government data
Such vendors might need to meet certain standards before being licensed or allowed to bid for government contracts
THE Cyber Security Agency of Singapore (CSA) is assessing whether more cybersecurity measures are needed for vendors with access to sensitive government data or systems, said Minister for Digital Development and Information Josephine Teo on Friday (Mar 7).
These could be vendors such as cybersecurity penetration testing firms and cybersecurity auditors.
First, such vendors and their subcontractors might have to obtain CSA’s Cyber Essentials or Cyber Trust marks before even being licensed or allowed to bid for government contracts.
Second, the government may take the lead in incorporating cybersecurity considerations in procurement decisions.
The aim is to “raise baseline cybersecurity standards nationally and protect more organisations, especially those of higher risk”, noted Teo.
Given the “non-trivial” impact of these measures, CSA will engage relevant industry stakeholders in the coming months before deciding, she said.
The Cyber Essentials mark is for small and medium-sized enterprises. It helps firms implement fundamental cyber hygiene measures to protect against common cyberattacks.
The Cyber Trust mark recognises larger organisations that have implemented comprehensive cybersecurity measures and practices.
In the first half of 2025, the Cyber Essentials and Cyber Trust marks will also be updated to cover the security of digital technologies such as cloud and artificial intelligence, said Senior Minister of State for Digital Development and Information Tan Kiat How. This will keep these certifications relevant for the evolving digital landscape, he added.
Copyright SPH Media. All rights reserved.
