On 16 August 2024, the Cyber Security (Licensing of Cyber Security Service Provider) Regulations 2024 were adopted. Under Section 27 of the Cyber Security Act, any person offering or advertising cyber security services, except when provided to a related company, must be licensed. The CSSP Regulations outline the licensing procedures and fees for services such as managed security operation centre monitoring, which involves monitoring a computer system to detect cyber security threats and determining response measures, and penetration testing, which assesses cyber security vulnerabilities through simulated attacks. However, the licensing requirements do not apply if these services are provided by a government entity, by a person to their related company, or for computer systems located outside Malaysia.
Original source