Integrated anti-malware, firewall and backup
Integrated package of cybersecurity solutions including anti-malware, firewall and backup solutions to support organisations in addressing a subset of the requirements in CSA Cyber Essentials mark.
Instructions
This page helps you prepare "Solution Requirements" section in Vendor Management Portal and you will see the exact questions and flow.
🔴 Mandatory questions: Must answer "Yes" to continue
🟡 Preferred questions: Can answer either way and continue
Follow the question flow as indicated
Q1 🔴 Mandatory - Integrated Security Suite
Main Question: Does your solution include virus/malware protection, firewall, and backup capabilities as part of an integrated suite from a single vendor, to provide seamless delivery to the customer?
🔴 Answer: ○ Yes [Next: Q2] ○ No [⚠️ Cannot Proceed]
Q2 🟡 Preferred - Cybersecurity Product Certification
Main Question: Has your solution undergone cybersecurity product certification?
🟡 Answer: ○ Yes [Next: Q3] ○ No [Next: Q4]
--
Q3 🔴 Mandatory Follow-up - Cybersecurity Product Certification - Elaboration
This question appears only if you answered "Yes" to Q2
Main Question: Please list all relevant cybersecurity certifications (e.g. Common Criteria (CC) or similar).
Click "Yes" to confirm you have completed the instructions.
🔴 Answer: ○ Yes [Next: Q4] ○ No [⚠️ Cannot Proceed]
Text Elaboration Required: [Text Box for Description/Details]
Q4 🔴 Mandatory - Virus/Malware Protection -Endpoint Attack Detection
Main Question: Does your solution support the detection of attacks in endpoints on the organisation's environment?
🔴 Answer: ○ Yes [Next: Q5] ○ No [⚠️ Cannot Proceed]
Q5 🔴 Mandatory - Virus/Malware Protection -Automated Virus and Malware Scanning
Main Question: Does your solution enable virus and malware scans to detect possible cyberattacks, where scans can be configured to be automated and remain active to provide constant protection?
🔴 Answer: ○ Yes [Next: Q6] ○ No [⚠️ Cannot Proceed]
Q6 🔴 Mandatory - Virus/Malware Protection -Automated Security Updates
Main Question: Does your solution enable auto-updates or support configuration to updates of signature files or equivalent (e.g. non-signature based machine learning solutions) to detect new malware? Updates should occur at least once daily.
🔴 Answer: ○ Yes [Next: Q7] ○ No [⚠️ Cannot Proceed]
Q7 🔴 Mandatory - Virus/Malware Protection -Automated File Scanning
Main Question: Does your solution support the ability to automatically scan the files upon access?
Scope Requirements: This includes files and attachments downloaded from the Internet through the web browser or email, and external sources such as from portable USB drives.
🔴 Answer: ○ Yes [Next: Q8] ○ No [⚠️ Cannot Proceed]
Q8 🔴 Mandatory - Firewall - Firewall Protection with Configuration
Main Question: Does your firewall solution support the protection of network, systems, and endpoints such as laptops, desktops, servers, and virtual environments, providing protection with configuration to analyse and accept only authorised network traffic into the organisation's network?
Firewall Type Requirements: Please indicate if the firewall solution is a: a. Host-based firewall b. Network perimeter firewall
🔴 Answer: ○ Yes [Next: Q9] ○ No [⚠️ Cannot Proceed]
Text Elaboration Required: [Text Box for Description/Details]
Q9 🔴 Mandatory - Back up - Business Data Backup
Main Question: Does your solution enable the organisation to back up essential business information (e.g. financial data, business transactions) from organisation's systems and keep them separate and isolated from the operating environment?
🔴 Answer: ○ Yes [Next: Q10] ○ No [⚠️ Cannot Proceed]
Q10 🔴 Mandatory - Back up - Backup Frequency Configuration
Main Question: Does your solution enable the organisation to configure the frequency of backups to align to its business requirements?
🔴 Answer: ○ Yes [Next: Q11] ○ No [⚠️ Cannot Proceed]
Q11 🔴 Mandatory - Back up - Backup Protection
Main Question: Does your solution support the protection of backups from unauthorised access and restrict access to authorised personnel only?
🔴 Answer: ○ Yes [Next: Q12] ○ No [⚠️ Cannot Proceed]
Q12 🟡 Preferred - IT Asset Management
Main Question: Does your solution maintain an up-to-date inventory of all hardware (including mobile devices, IoT devices, and other equipment) and software assets (including cloud subscriptions, services, and cloud-deployed software/operating systems) in the user organisation with all of the following features?
Asset Management Requirements: a. Identify and flag unauthorised assets or those reaching End-of-Support for replacement action b. Support organisational authorisation processes for onboarding new hardware and software c. Record authorisation dates in the asset inventory following dispensation approval d. Identify and facilitate removal of assets without proper approval dates
🟡 Answer: ○ Yes [Next: Q13] ○ No [Next: Q13]
Q13 🟡 Preferred - Data Asset Management
Main Question: Does your solution enable the organisation to identify, manage and maintain an up-to-date inventory of all business-critical data, minimally capturing the following fields:
Data Management Requirements: a. Description b. Data classification and/or sensitivity c. Location d. Retention period
🟡 Answer: ○ Yes [Next: Q14] ○ No [Next: Q14]
Q14 🟡 Preferred - Data Loss Prevention
Main Question: Does your solution provide protection from employees leaking confidential and/or sensitive data outside of the organisation?
🟡 Answer: ○ Yes [Next: Q15] ○ No [Next: Q15]
Q15 🔴 Mandatory - Professional Services Provision
Main Question: Does your company provide the following professional services:
Service Requirements: a. Installation and configuration b. Documentation of key deployment information of the solution c. Briefing for solution handover to customer
🔴 Answer: ○ Yes [Next: Q16] ○ No [⚠️ Cannot Proceed]
Q16 🔴 Mandatory - Dashboards and Reports
Main Question: Can your solution provide dashboards and reporting capabilities to track key metrics, user interactions, operational performance, or other relevant data insights across your digital solution?
Technical Requirements: Your digital solution should have one or more dashboards that provide an at-a-glance overview of key metrics/indicators with at least 4 charts/graphs to help users monitor, track and report cyber threats across networks and systems through data visualisation.
🔴 Answer: ○ Yes [Next: Q17] ○ No [⚠️ Cannot Proceed]
Q17 🟡 Preferred - AI Features
Main Question: Does your solution incorporate AI in your core features and functions?
🟡 Answer: ○ Yes [Next: Q18] ○ No [Next: Q19]
--
Q18 🔴 Mandatory Follow-up - AI Features - Elaboration
This question appears only if you answered "Yes" to Q17
Main Question: Describe your AI feature and its benefits. Examples are:
Feature Examples: a. Generate output, identify items, or provide recommendations based on training models to improve decision-making b. Recognise text, images to shorten time taken for manual inputs of forms c. Others, please specify
Click "Yes" to confirm you have completed the instructions.
🔴 Answer: ○ Yes [Next: Q19] ○ No [⚠️ Cannot Proceed]
Text Elaboration Required: [Text Box for Description/Details]
Q19 🟡 Preferred - Cybersecurity Compliance - Cyber Essentials Mark (CEM)
Main Question: Are you the Product Principal of the solution that you are submitting for pre-approval?
🟡 Answer: ○ Yes [Next: Q20] ○ No [Next: Q22]
--
Q20 🟡 Preferred - CEM for Product Principal
This question appears only if you answered "Yes" to Q19
Main Question: Has your organisation achieved CSA Cyber Essentials for ICT Vendor Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?
Compliance Requirements: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.
Reference Information: Note: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/
🟡 Answer: ○ Yes [Next: Q21] ○ No [Assessment Finished]
--
Q21 🔴 Mandatory Follow-up - CEM for Product Principal - Elaboration
This question appears only if you answered "Yes" to Q20
Main Question: Please specify the following information:
Submission Requirements: i. The certificate demonstrating your organisation has attained Cyber Essentials for ICT Vendors ii. The cybersecurity certification the organisation has met iii. The scope of the certification
Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.
Click "Yes" to confirm you have completed the instructions.
🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]
Text Elaboration Required: [Text Box for Description/Details] Date of Issue Required: [Date Field] Upload Supporting Document Required: [File Upload]
Q22 🟡 Preferred - CEM for Resellers
Main Question: Has your organisation achieved CSA Cyber Essentials Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?
Compliance Requirements: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.
Reference Information: Note: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/
🟡 Answer: ○ Yes [Next: Q23] ○ No [Assessment Finished]
--
Q23 🔴 Mandatory Follow-up - CEM for Resellers - Elaboration
This question appears only if you answered "Yes" to Q22
Main Question: Please specify the following information:
Submission Requirements: i. The cybersecurity certification the organisation has met ii. The scope of the certification
Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.
Click "Yes" to confirm you have completed the instructions.
🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]
Text Elaboration Required: [Text Box for Description/Details] Date of Issue Required: [Date Field] Upload Supporting Document Required: [File Upload]
Preparing for submission?
Your submission should contain screenshots and write-ups that clearly demonstrate compliance with each mandatory requirement sub-point. Contact us if you need help.
Last updated