PKTN stands for Produk Kriptografi Terpercaya Negara aims to enhance the utilisation of trusted cryptographic products within Malaysia’s government and Critical National Information Infrastructure (CNII) sectors.

The SPPPKTN Working Committee is tasked with evaluating cryptographic products against PKTN Criteria to determine their security, reliability, and appropriateness for use within CNII sectors. Meanwhile, the SPPPKTN Steering Committee holds the authority to approve eligible security products based on the findings presented by the SPPPKTN Working Committee. This committee grants the PKTN status to evaluated products.

The five information classifications are Public, Restricted, Confidential, Secret, and Top Secret. These classifications correspond to varying degrees of sensitivity and cater to the specific security requirements of Malaysia’s government and CNII sectors.

There are 3 categories for the PKTN criteria including:

1. General mandatory requirements comprise six (6) criteria covering areas such as product certification and implementation of the cryptographic product.

2. Cryptographic requirements comprise five (5) criteria that cover areas such as cryptography security strength, key management method, and vulnerability assessment. For each requirement, the vendor must provide additional information/documentation to support the application.

3. Merit criteria comprise three (3) criteria covering areas such as machine-to-machine authentication, post-quantum requirements, and non-post-quantum and forward secrecy requirements. For each requirement, the vendor must provide additional information/documentation to support the application (if any).

Yes, cryptographic products may be reclassified under different PKTN classifications based on changes in their security requirements or intended use cases. However, PKTN reevaluation is necessary.

While PKTN-certified products are highly recommended for use within Malaysia’s government and CNII sectors, their adoption may not be mandatory yet depending on specific regulatory requirements and organisational policies.

Yes, organisations outside of Malaysia’s government and CNII sectors can benefit from PKTN-certified products, as they offer enhanced security and reliability for various digital applications and services.