Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Members of public are advised to stay vigilant and not follow any instructions given by these scammers. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Our programmes
  3. Certification and Labelling Schemes
  4. Cybersecurity Labelling Scheme for Medical Devices - CLS(MD)
  5. CLS(MD) Sandbox

CLS(MD) Sandbox

Manufacturers are invited to participate in the sandbox to test out and give feedback on the requirements and application processes.

Last updated 20 January 2025

[20 July 2024 Update]

We would like to announce that applications for the Cybersecurity Labelling Scheme for Medical Devices [CLS(MD)] Sandbox has closed and no new applications will be accepted. For manufacturers who are still interested in participating in the CLS(MD), we encourage you to keep a lookout on the CLS(MD) webpage for further updates and information.

Announced at the Singapore International Cyber Week 2023, the Cybersecurity Labelling Scheme for Medical Devices [CLS(MD)] Sandbox is open for application starting 20 October 2023, 10am.

Under the sandbox, Manufacturers are invited to participate in the sandbox to test out and give feedback on the requirements and application processes by putting their medical devices through the different assessments, such as the declaration of conformity against the baseline/enhanced security requirements, software binary analysis, penetration testing, and security evaluation. Medical device manufacturers to have a first-mover advantage in enhancing the security of their products.

The Sandbox will run for nine months and the feedback and learnings from the sandbox will be used to refine the requirements and operational workflow of the scheme where necessary.

Applications for the Sandbox will be open for all four levels of rating under the CLS(MD).

Cybersecurity Levels

CLS(MD) cybersecurity levels

The CLS(MD) comprises four levels of rating, corresponding to the number of crosses on the label.

CLS(MD) levels and its requirements

Level

Requirement

Level 1

The product meets baseline cybersecurity requirements.

Level 2

The product meets enhanced cybersecurity requirements.

Level 3

The product meets enhanced cybersecurity requirements and will be required to pass independent third-party software binary analysis and penetration testing.

Level 4

The product meets enhanced cybersecurity requirements and will be required to pass independent third-party software binary analysis and security evaluation.

Application

Applications for the Sandbox can be made at https://www.gobusiness.gov.sg. Kindly note that the submission of the application via GoBusiness Licensing Portal does not imply the acceptance of the application under the Sandbox by CSA. Upon submission, the application will be reviewed by CSA prior to its acceptance under the Sandbox. CSA will formally confirm the acceptance of the CLS(MD) Sandbox application via email. Applicants may refer to the “GoBusiness Licensing Portal Application Guide for instructions on application via GoBusiness Licensing Portal:

Link to the list of approved CLS(MD) testing laboratories.

For further enquiries, please kindly reach out to cls_md@csa.gov.sg.