CSA CLS banner

Benefits of the CSA Cybersecurity Labelling Scheme (CLS)

Raise cybersecurity hygiene levels in consumer smart devices

Raise cybersecurity hygiene levels in consumer smart devices

As an effort to improve IoT cybersecurity, the Cyber Security Agency of Singapore (CSA) launched the Cybersecurity Labelling Scheme (CLS) for consumer smart devices. TÜV SÜD can facilitate and review your smart devices based on CSA's CLS Levels 1 to 4. TÜV SÜD PSB is an approved Cybersecurity Labelling Scheme (IoT) Test Laboratory by CSA. 

BENEFITS OF CSA cybersecurity labelling scheme

  • Gain competitive edge – by complying to the CSA requirements for smart devices and allow consumers to understand the cybersecurity of the your product
  • Minimise risks – by testing your smart devices according to an established cybersecurity guideline from the Singapore government
  • Proof of quality – by using the CLS mark to signal the cybersecurity of your smart devices to the consumers

WHAT IS THE CSA cybersecurity labelling scheme?

As an effort to improve the IoT cybersecurity, the Cyber Security Agency of Singapore (CSA) has launched the Cybersecurity Labelling Scheme (CLS) for consumer smart devices. This will help to raise the overall cybersecurity hygiene levels in smart devices and better secure the cyberspace of Singapore. As of Jan 2021, the CLS Security scheme covers all type of consumer IoT devices.

Under the CLS, there are 4 levels of cybersecurity provisions that the smart devices can be rated into. The CLS is represented by one, two, three, or four asterisks corresponding to level 1 through 4. Each additional asterisk represents an additional level of testing and assessment that the smart devices has comply with.

Below is a breakdown of the cybersecurity provisions for each level:

  • Level 1 - Security Baseline Requirements 
    The product meets basic security requirements such as ensuring unique default passwords and providing software updates.
  • Level 2 - Adherence to International Standard 
    The product has been assessed to a set of International Standard (based on all mandatory requirements within the ETSI EN 303 645) in the devices, and fulfilled Level 1 requirements.
  • Level 3 - Lifecycle Requirements + Software Binary Analysis
    The product has been developed using the principles of Security-by-Design such as conducting threat risk assessment, critical design review and has undergone assessment of software binaries by approved third-party test labs, and fulfilled Level 2.
  • Level 4 - Penetration Testing
    The product has undergone structured penetration testing by approved third-party test labs and fulfilled Level 3 requirements.

Singapore has mutual recognition with Finland and Germany for the cybersecurity labels issued: 

  • Products with the Finnish Cybersecurity Label issued by Transport and Communications Agency of Finland (Traficom) are mutually recognised under CSA's CLS Level 3 and vice versa.

  • Products with the IT Security Label under Germany's Federal Office for Information Security (BSI) will be recognised under CSA's CLS Level 2 and vice versa.


As most consumers do not understand the technicalities and the information on the amount of cybersecurity that is built into smart devices is not readily available, consumers are not able to make informed decisions when buying such smart devices. With the introduction of CLS, consumers are able to understand the level of cybersecurity measures that have been tested on the smart devices and assist in making their purchase decisions.

Contact Title

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna.

Register Now