Singapore: Cyber Security Agency adopted Cyber Trust Mark Level 5 requirement for Critical Information Infrastructure Owners and auditors

On 2 March 2026, the Cyber Security Agency (CSA) adopted a requirement for Critical Information Infrastructure Owners (CIIOs) and CII auditors to obtain the Cyber Trust Mark (CTM) Level 5 certification. The mandate aims to establish a consistent national baseline for cybersecurity standards across organisations managing sensitive data or critical systems. The CTM serves as a tiered certification framework that validates an organisation's cybersecurity measures according to its specific risk profile. Under these regulations, CIIOs must ensure that the systems under their control that support business services meet the highest tier of the certification, Level 5. The framework incorporates standards for emerging risks, including cloud security, operational technology (OT) security, and Artificial Intelligence (AI) security.