Singapore Can Now Issue Common Criteria Certification for Cybersecurity Products

Singapore has achieved the status of a Certificate Authorising Nation under the Common Criteria standard, giving it the ability to evaluate and certify security products. Common Criteria is a technical standard used by government and industry for IT security, while the Common Criteria Recognition Arrangement (CCRA) is an international scheme for the mutual recognition of CC certificates across 30 nations, 18 of which issue certificates. A CC certification body has been set up by the Cyber Security Agency of Singapore (CSA). It is responsible for ensuring that product evaluation undertaken by approved Common Criteria Testing Laboratories (CCTL) in Singapore conforms to strict security requirements before issuing a CC certificate. Singapore’s acceptance into the programme is intended to support the growth of the local cybersecurity industry, amid a landscape dominated by global players. With Singapore becoming a Certificate Authorising Nation, these cybersecurity firms no longer need to send their products overseas for certification. They can also expect lower costs and shorter time in attaining an internationally-recognised certification mark, according to the Infocomm and Media Development Authority (IMDA). Additionally, the city-state hopes that the move will help create more job opportunities for local cybersecurity professionals by attracting global evaluation and testing laboratories to establish local operations or even anchor their global operations in Singapore.