Back to Frameworks

Singapore Cybersecurity Act 2018

Singapore
v2018 (amended 2024)
5 domains
5 controls

The Singapore Cybersecurity Act 2018 establishes a legal framework for the oversight and maintenance of national cybersecurity. It designates Critical Information Infrastructure (CII) sectors, establishes the Cyber Security Agency of Singapore (CSA) as the regulatory authority, and provides for incident reporting, cybersecurity audits, and penetration testing. The 2024 amendments expand coverage to encompass entities of special cybersecurity interest and foundational digital infrastructure.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (5)

CII

1 controls
Controls in the CII domain of Singapore Cybersecurity Act 20181 controls
CodeTitle
SGCYBER-1Critical Information Infrastructure (CII) Designation and Registration

Enforcement

1 controls
Controls in the Enforcement domain of Singapore Cybersecurity Act 20181 controls
CodeTitle
SGCYBER-5Investigation, Enforcement, Cooperation

Incident Reporting

1 controls
Controls in the Incident Reporting domain of Singapore Cybersecurity Act 20181 controls
CodeTitle
SGCYBER-3Cyber Incident Reporting

Licensing

1 controls
Controls in the Licensing domain of Singapore Cybersecurity Act 20181 controls
CodeTitle
SGCYBER-4Licensing of Cybersecurity Services

Standards

1 controls
Controls in the Standards domain of Singapore Cybersecurity Act 20181 controls
CodeTitle
SGCYBER-2Codes of Practice, Standards, Audits

Your Compliance Coverage

If you comply with Singapore Cybersecurity Act 2018, you already cover:

Maps to 95 other frameworks

5 total controls
BSI IT-Grundschutz
1 source controls mapped|3 target controls covered
20%
Vietnam Law on Cybersecurity (No. 24/2018/QH14)
1 source controls mapped|1 target controls covered
20%
US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule
1 source controls mapped|1 target controls covered
20%
TEFCA - Trusted Exchange Framework and Common Agreement
1 source controls mapped|1 target controls covered
20%
APPI
1 source controls mapped|2 target controls covered
20%
NIST AI Risk Management Framework (AI RMF 1.0)
1 source controls mapped|1 target controls covered
20%
APRA CPS 234
1 source controls mapped|3 target controls covered
20%
API 1164
1 source controls mapped|3 target controls covered
20%
ISO/IEC 27400:2022
1 source controls mapped|1 target controls covered
20%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
1 source controls mapped|2 target controls covered
20%
APRA CPS 230 Operational Risk Management
1 source controls mapped|1 target controls covered
20%
NIST SP 800-171
1 source controls mapped|1 target controls covered
20%
FFIEC Cybersecurity Assessment Tool (CAT)
1 source controls mapped|1 target controls covered
20%
ASIS SPC.1-2009 - Organizational Resilience Standard
1 source controls mapped|1 target controls covered
20%
Barbados Data Protection Act 2019
1 source controls mapped|1 target controls covered
20%
Azure Security Benchmark
1 source controls mapped|1 target controls covered
20%
ISO/IEC 27010:2015
1 source controls mapped|1 target controls covered
20%
ASD Strategies to Mitigate Cyber Security Incidents
1 source controls mapped|2 target controls covered
20%
Bahrain PDPL
1 source controls mapped|2 target controls covered
20%
ISO/IEC 30111:2019
1 source controls mapped|2 target controls covered
20%
ISO/IEC 29147:2018
1 source controls mapped|1 target controls covered
20%
AWS Well-Architected Security Pillar
1 source controls mapped|1 target controls covered
20%
COSO Internal Control - Integrated Framework (2013)
1 source controls mapped|1 target controls covered
20%
Canada ITSG-33 - IT Security Risk Management
1 source controls mapped|1 target controls covered
20%
20%
FedRAMP Rev 5
1 source controls mapped|2 target controls covered
20%
Family Educational Rights and Privacy Act (FERPA)
1 source controls mapped|1 target controls covered
20%
FIRST CSIRT Services Framework and Standards
1 source controls mapped|1 target controls covered
20%
FISMA
1 source controls mapped|2 target controls covered
20%
FTC GLBA Safeguards Rule (16 CFR Part 314)
1 source controls mapped|1 target controls covered
20%
Ghana Cybersecurity Act
1 source controls mapped|3 target controls covered
20%
GLBA
1 source controls mapped|2 target controls covered
20%
HITECH Act
1 source controls mapped|1 target controls covered
20%
HKMA SPM
1 source controls mapped|1 target controls covered
20%
20%
IEEE 1686
1 source controls mapped|1 target controls covered
20%
India CERT-In Cyber Security Directions 2022
1 source controls mapped|1 target controls covered
20%
India DPDP Act
1 source controls mapped|1 target controls covered
20%
Indiana Consumer Data Protection Act
1 source controls mapped|1 target controls covered
20%
Indonesia PDP Law
1 source controls mapped|2 target controls covered
20%
Iowa Consumer Data Protection Act
1 source controls mapped|2 target controls covered
20%
ISMAP (Japan)
1 source controls mapped|1 target controls covered
20%
Jamaica Data Protection Act 2020
1 source controls mapped|2 target controls covered
20%
Japan FSA Cybersecurity Guidelines for Financial Institutions
1 source controls mapped|1 target controls covered
20%
Kentucky Consumer Data Protection Act
1 source controls mapped|2 target controls covered
20%
South Korea PIPA
1 source controls mapped|2 target controls covered
20%
Laos Law on Prevention and Combating Cybercrime (2015)
1 source controls mapped|1 target controls covered
20%
Law No. 172-13 on the Protection of Personal Data
1 source controls mapped|1 target controls covered
20%
Ley Orgánica de Protección de Datos Personales (LOPDP)
1 source controls mapped|1 target controls covered
20%
LGPD
1 source controls mapped|1 target controls covered
20%
Liechtenstein DPA
1 source controls mapped|1 target controls covered
20%
Malaysia PDPA 2010
1 source controls mapped|2 target controls covered
20%
Maryland Online Data Privacy Act of 2024
1 source controls mapped|2 target controls covered
20%
Mauritius DPA
1 source controls mapped|1 target controls covered
20%
Mexico LFPDPPP
1 source controls mapped|1 target controls covered
20%
Minnesota Consumer Data Privacy Act
1 source controls mapped|1 target controls covered
20%
Monetary Authority of Singapore Technology Risk Management Guidelines
1 source controls mapped|1 target controls covered
20%
Montana Consumer Data Privacy Act
1 source controls mapped|1 target controls covered
20%
MTCS (Singapore)
1 source controls mapped|2 target controls covered
20%
Nebraska Data Privacy Act
1 source controls mapped|4 target controls covered
20%
NERC CIP
1 source controls mapped|1 target controls covered
20%
Nevada Gaming Control Board Cybersecurity Requirements
1 source controls mapped|1 target controls covered
20%
New Hampshire Data Privacy Act
1 source controls mapped|1 target controls covered
20%
New Jersey Data Privacy Act
1 source controls mapped|2 target controls covered
20%
Nigeria Data Protection Act 2023 (NDPA)
1 source controls mapped|4 target controls covered
20%
Nigeria Data Protection Regulation (NDPR)
1 source controls mapped|1 target controls covered
20%
Nigeria Open Banking Regulatory Framework (CBN, 2023)
1 source controls mapped|1 target controls covered
20%
NIS2 Directive
1 source controls mapped|2 target controls covered
20%
NIS2 Directive Implementing Acts
1 source controls mapped|1 target controls covered
20%
NIST SP 800-122
1 source controls mapped|1 target controls covered
20%
NIST SP 800-144
1 source controls mapped|1 target controls covered
20%
NIST SP 800-145
1 source controls mapped|1 target controls covered
20%
NIST SP 800-146
1 source controls mapped|1 target controls covered
20%
20%
Protective Security Policy Framework (PSPF) Release 2024
1 source controls mapped|1 target controls covered
20%
PSD2 SCA
1 source controls mapped|2 target controls covered
20%
Qatar DPL
1 source controls mapped|2 target controls covered
20%
Privacy Act 2020
1 source controls mapped|1 target controls covered
20%
POPIA
1 source controls mapped|1 target controls covered
20%
Peru DPL
1 source controls mapped|2 target controls covered
20%
Personal Data Act (personopplysningsloven)
1 source controls mapped|1 target controls covered
20%
PDPA Thailand
1 source controls mapped|1 target controls covered
20%
PDPA Singapore
1 source controls mapped|1 target controls covered
20%
Papua New Guinea National Cybersecurity Policy & Cybercrime Act (2016)
1 source controls mapped|1 target controls covered
20%
Pakistan Personal Data Protection Bill 2023
1 source controls mapped|1 target controls covered
20%
OWASP DevSecOps Maturity Model (DSOMM)
1 source controls mapped|1 target controls covered
20%
OSFI B-13
1 source controls mapped|3 target controls covered
20%
Oregon Consumer Privacy Act
1 source controls mapped|1 target controls covered
20%
Open Banking Security
1 source controls mapped|2 target controls covered
20%
Oman National Cybersecurity Framework
1 source controls mapped|1 target controls covered
20%
NRF Cybersecurity and Data Privacy Framework (National Retail Federation)
1 source controls mapped|1 target controls covered
20%

Frequently Asked Questions

What is Singapore Cybersecurity Act 2018?

Singapore Cybersecurity Act 2018 is a compliance framework from Singapore with 5 domains and 5 controls. The Singapore Cybersecurity Act 2018 establishes a legal framework for the oversight and maintenance of national cybersecurity. It designates Critical Information Infrastructure (CII) sectors, establishes the Cyber Security Agency of Singapore (CSA) as the regulatory authority, and provides for incident reporting, cybersecurity audits, and penetration testing. The 2024 amendments expand coverage to encompass entities of special cybersecurity interest and foundational digital infrastructure. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Singapore Cybersecurity Act 2018 have?

Singapore Cybersecurity Act 2018 has 5 controls organised across 5 domains. The largest domains are CII (1 controls), Enforcement (1 controls), Incident Reporting (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Singapore Cybersecurity Act 2018 map to?

Singapore Cybersecurity Act 2018 maps to 95 other compliance frameworks. The top mapping partners are BSI IT-Grundschutz (20% coverage), Vietnam Law on Cybersecurity (No. 24/2018/QH14) (20% coverage), US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule (20% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with Singapore Cybersecurity Act 2018 compliance?

Start your Singapore Cybersecurity Act 2018 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Singapore Cybersecurity Act 2018 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 5 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.

Get Started Free →

Free forever — no credit card required