Cybersecurity
Contains established international standards and guidelines relevant to the Singapore Government’s context.
Overview
As the Singapore Government’s digitalisation efforts continue to grow, agencies must continue to uphold the security of their systems and data. At the same time, cybersecurity standards must continue to evolve with the latest developments in technology and adopt a risk-based approach.
The Cybersecurity Control Catalog applies established international standards and guidelines to the Singapore Government’s context. Risk-based options are built into control parameters, enabling agencies to adapt controls to best fit their operating context.
Government agencies and their industry partners engaged in the design, development, or delivery of government digital services are expected to understand and apply the relevant Cybersecurity requirements. Adherence to these standards is essential for delivering secure and reliable digital services that align with the Government’s digital transformation objectives.
Cybersecurity Control Catalog
The details of the Catalog are shown below:
Access Control
Controls to protect against unauthorised access to agency systems.
Application Security
Controls to prevent application vulnerabilities caused by insecure coding.
Backup and Recovery
Controls to support backup and disaster recovery.
Container Security
Controls to secure container building, distribution, and deployment.
Cryptography, Encryption and Key Management
Controls to secure cryptographic protocols.
Data Protection
Controls to protect the data of a system.
Datacentre
Controls to secure datacentre system components.
Generative AI
Controls for the use of generative AI/LLMs within applications.
Human Resource
Controls for human resources.
Infrastructure Security
Controls to secure infrastructure that hosts applications, services, and data.
Logging and Monitoring
Controls to support detection and response to security and operations incidents.
Network Security
Controls to secure the network boundaries of a system.
Resiliency
Controls for resiliency.
Secure Development
Controls to secure the development pipeline and perform source code quality assurance.
Security Programme Management
Controls to implement cybersecurity governance, risk, and compliance processes and policies.
Security Testing
Controls to validate the security of a system via internal and external testing.
Software Supply Chain
Controls to prevent tampering and improve the integrity of the software supply chain.
