Common Criteria (CC), also known as ISO/IEC 15408, is a globally recognised technical standard for IT security evaluation. CC certificates issued by an authorised nation (including Singapore) are mutually recognised across all 31 member nations based on the Common Criteria Recognition Arrangement (CCRA).
Products that are CC-certified demonstrate the highest standards of IT security, an increasing prerequisite in our interconnected world.
National IT Evaluation Scheme
The Singapore National IT Evaluation Scheme (NITES) was launched in November 2009. Products intended to be used for handling sensitive government data have to be evaluated in accordance with NITES.
The most stringent requirements are needed when it comes to safeguarding Singapore’s national interests. NITES provides the assurance that the security measures provided by the product to safeguard the highly classified information in the intended deployment scenarios are suitable.
Products that perform critical security functions such as cryptographic operations are likely to be subjected to security evaluation. NITES largely adopts the CC methodology of evaluating the products at high assurance level with additional requirements.
Cybersecurity Labelling Scheme
As part of efforts to better secure Singapore’s cyberspace, raise cyber hygiene levels, and increase awareness of consumer IoT security, CSA introduced the Cybersecurity Labelling Scheme (CLS) for network-connected smart devices.
The CLS, which marks a first in the Asia-Pacific region, comprises different levels of cybersecurity ratings to provide an indication of the level of security embedded in the device. This helps consumers identify more secure devices for better protection against cyber-attacks.