Description

Adopted Cyber Security (Licensing of Cyber Security Service Provider) Regulations 2024

On 16 August 2024, the Cyber Security (Licensing of Cyber Security Service Provider) Regulations 2024 were adopted. Under Section 27 of the Cyber Security Act, any person offering or advertising cyber security services, except when provided to a related company, must be licensed. The CSSP Regulations outline the licensing procedures and fees for services such as managed security operation centre monitoring, which involves monitoring a computer system to detect cyber security threats and determining response measures, and penetration testing, which assesses cyber security vulnerabilities through simulated attacks. However, the licensing requirements do not apply if these services are provided by a government entity, by a person to their related company, or for computer systems located outside Malaysia.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
other service provider
Implementation Level
national
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2024-08-16
adopted

On 16 August 2024, the Cyber Security (Licensing of Cyber Security Service Provider) Regulations 20…

2024-08-26
in force

On 26 August 2024, the Cyber Security (Licensing of Cyber Security Service Provider) Regulations 20…