Cybersecurity Code of Practice For Critical Information Infrastructure
– Second Edition (CCoP2.0) of Singapore

Thales helps CIIO to align the CCoP2.0 requirements of the Singapore Cybersecurity Act 2018 with a focus on Protection Requirements.


The Cyber Security Agency of Singapore (CSA) has published the Codes of Practice or Standards of Performance issued by the Commissioner of Cybersecurity for the regulation of owners of Critical Information Infrastructure (CII), in accordance with the Cybersecurity Act. The Cybersecurity Code of Practice for Critical Information Infrastructure – Second Edition (CCoP2.0) comes into effect from Jul. 4, 2022, superseding previous versions of the Code.

There is a grace period of 12 months on the compliance timeline for all clauses for the compliance of CCoP2.0, applicable to both existing and any newly designated CII.

  • Regulation
  • Compliance

The Cybersecurity Code of Practice For Critical Information Infrastructure – Second Edition (CCoP2.0) is intended to specify the minimum requirements that the critical information infrastructure owner (CIIO) shall implement to ensure the cybersecurity of the CII, due to the evolving cyber threat landscape with threat actors using sophisticated tactics, techniques, and procedures (TTPs) to attack CII sectors.

The CCoP 2.0 document addresses the key requirements for CII below.

  • Governance
  • Identification
  • Protection
  • Detection
  • Response and Recovery
  • Cyber Resiliency
  • Cybersecurity Training and Awareness
  • Operational Technology (OT) Security

Thales helps Critical Information Infrastructure (CII) to align the CCoP2.0 requirements with a focus on Protection Requirements through:

  • Access Control
  • Data Security & Cryptographic Key Management

Access Control

Thales Access Management and Authentication solutions provide both the security mechanisms and reporting capabilities organizations need to comply with CCOP2.0 requirements.

Data Security & Cryptographic Key Management

Protect: It is crucial to apply protective measures such as encryption or tokenization to sensitive data. To successfully secure sensitive data, the cryptographic keys themselves must be secured, managed and controlled by the organization.

  • CipherTrust Database Protection provides high-performance and database encryption with granular access controls.
  • CipherTrust Tokenization offers file-level encryption with access controls, application-layer encryption, database encryption, static data masking, vaultless tokenization with policy-based dynamic data masking, and vaulted tokenization to support a wide range of data protection use cases.
  • CipherTrust Transparent Encryption (CTE) delivers data-at-rest encryption with centralized key management, privileged user access control and detailed data access audit logging.
  • CipherTrust Data Protection Gateway (DPG) enables transparent data protection to any RESTful web service or microservice leveraging REST APIs.

Monitor: Enterprises need to monitor access to sensitive data to identify ongoing or recent attacks from malicious insiders, privileged users, and other cyber threats.

  • CipherTrust Security Intelligence logs and reports streamline compliance reporting and speedup threat detection using leading Security Information and Event Management (SIEM) systems.

Control: CII Organizations require to control access to their data and centralize key management. Every data security regulation and mandate requires organizations to be able to monitor, detect, control, and report on authorized and unauthorized access to data and encryption keys.

  • The CipherTrust Data Security Platform (CDSP) delivers robust enterprise key management via Enterprise Key Management solutions to manage and protect keys on behalf of a variety of applications.
  • Thales Cipher Trust Cloud Key Manager (CCKM) centralizes encryption key management from multiple environments, presenting all supported clouds and even multiple cloud accounts in a single browser tab.

Recommended Resources

Singapore CCoP for Critical Information Infrastructure

Singapore CCoP for Critical Information Infrastructure 2.0 - eBook

As the leader in digital security and data protection, Thales has helped hundreds of enterprises comply with regulations worldwide by recommending the appropriate data protection technologies required to meet regulatory requirements. Thales enables CIIO to align the Singapore...

Data Security Compliance and Regulations - eBook

Data Security Compliance and Regulations - eBook

This ebook shows how Thales data security solutions enable you to meet global compliance and data privacy requirements including - GDPR, Schrems II, PCI-DSS and data breach notification laws.

機密データ保護に必用とされる 組織の重要な柱とは - White Paper

機密データ保護に必用とされる 組織の重要な柱とは - White Paper

従来、組織のITセキュリティは主に境界防御に焦点を置き、壁 を築くことで外部からの脅威がネットワークに侵入するのを防 いでいました。これは依然として重要ではあるものの、十分では ありません。サイバー犯罪者は境界防御を頻繁に突破しており、 データはこうした防御の外側のクラウドなどに存在することが 多いため、組織は場所を問わずにデータを保護するデータ中心 のセキュリティ戦略を適用する必要があります。今日のデータ急 増や、世界と地域のプライバシー規制の進化、クラウド導入の拡 大、APT(持続的標的型攻撃)などに対応するため、データ中心...