🏅 Why Singapore organisations must act now — 2026 CTM enforcement is accelerating
Audit · Consultation · Training
Five tiers · Cloud · OT · AI Security · ESG/EDG grant managed
Audits
Baseline gap assessment · Cloud Security audit · OT/ICS audit · AI Security audit · Pre-certification readiness audit.
Explore audit →Consulting
Full certification · Cloud track · OT/ICS track · AI Security + ISO 42001 · Tier upgrade · Integrated CTM+ISO27001.
Explore consulting →Training
Awareness (EN/中文) · Cloud & OT technical workshop · Board governance · AI Security domain training.
Explore training →Framework — Five Preparedness Tiers
CSA Cyber Trust Mark: five tiers, 10–22 domains.
Essential Cyber Hygiene (10 Domains)
- 📦 Asset Management
- 🔐 Secure Configuration
- 🔄 Software Security
- 🔑 Access Control
- 🛡️ Malware Protection
- 🌐 Network Security
- 📋 Security Policies
- 👥 Staff Awareness
- 🚨 Incident Response
- 💾 Backup & Recovery
Managed Controls (13 Domains)
- + Asset Management
- + Identity & Access Mgmt
- + Vulnerability Management
- + Supplier Risk Management
- + Business Continuity
- + Security Governance
- + Compliance Management
- + Security Training
- + Security Monitoring
Advanced Cyber Risk Mgmt (16 Domains)
- + Penetration Testing
- + Application Security
- + Threat Intelligence
- ☁️ Cloud Security (Track A)
- ⚙️ OT Security (Track B)
- + SIEM Monitoring
Proactive & Resilient (19 Domains)
- + Red Team Exercises
- + Zero Trust Architecture
- + Supply Chain Security (Advanced)
- 🤖 AI Security (Track C)
- + Cyber Crisis Management
- + Digital Forensics
Excellence in Cyber Governance (22 Domains)
- + Cloud Security (Full Track)
- + OT Security (IEC 62443)
- + AI Security (SS 712:2025)
- + Board-Level Cyber Governance
- + Cyber Threat Intelligence (Advanced)
Three Specialisation Tracks
Cloud Security · OT Security · AI Security — unlocked at Tier 3 and above
Cloud Security
Cloud governance, IAM/PAM, encryption, container security, MAS TRM aligned.
Explore Cloud Security →OT Security
OT asset inventory, Purdue segmentation, OT patch mgmt, IEC 62443 alignment, EMA Cybersecurity Code.
Explore OT Security →AI Security
AI risk assessment, adversarial ML, model security, SS 712:2025 + ISO 42001 integration.
Explore AI Security →50% ESG / EDG grant co-funding — up to 50% of CTM consultation costs
Enterprise Singapore's EDG covers up to 50% of qualifying cybersecurity consultancy fees for eligible Singapore SMEs. ICFC manages your grant application before project commencement. Combined CTM + Cyber Essentials + ISO 27001 engagements maximise total co-funding.
Check grant eligibility →
CSA Cyber Trust Mark — tier comparison at a glance
| Criteria | Tier 1 | Tier 2 | Tier 3 | Tier 4 | Tier 5 |
|---|---|---|---|---|---|
| Domains covered | 10 | 13 | 16 | 19 | 22 |
| Assessment method | SAQ + assessor | 3rd-party | Independent | Rigorous independent | Regulator-informed |
| Cloud Security track | – | – | ✓ | ✓ | ✓ |
| OT Security track | – | – | ✓ | ✓ | ✓ |
| AI Security track | – | – | – | ✓ | ✓ |
| Typical ICFC timeline | 4–8 wks | 6–10 wks | 3–5 mo | 4–7 mo | 6–12 mo |
Head of Technology
Colocation Data Centre
"ICFC guided our data centre through CTM Tier 4 including Cloud Security and AI Security tracks in under 5 months. Their depth across all 22 domains is exceptional."
Group CISO
Energy CII Operator
"CTM Tier 5 with OT Security was non-negotiable. ICFC delivered OT domain alongside EMA Cybersecurity Code in a single engagement — outstanding value."
FAQs — CSA Cyber Trust Mark
Start your Cyber Trust Mark journey today
Free 30-minute CTM readiness assessment. Tier selection guidance. Cloud, OT & AI Security track scoping. ESG/EDG grant eligibility check included. CII, FinTech, Data Centre specialists.
