← Frameworks / Regulatory

MAS Technology Risk Management Guidelines

Mandatory technology risk management guidelines for financial institutions regulated by the Monetary Authority of Singapore. Covers 15 domains including technology risk governance, IT resilience, access control, cryptography, data and infrastructure security, cyber security operations, and IT audit.

Clauses: 14

Avg Coverage: 79.4%

Publisher: Monetary Authority of Singapore Version: 2021

MAS TRM → SP 800-53 SP 800-53 → MAS TRM Coverage Analysis

Clause	Title	SP 800-53 Controls
3	Board and Senior Management Oversight	PM-01 PM-02 PM-03 PM-09 PS-09
4	Technology Risk Management Framework	PM-01 PM-09 RA-01 RA-03 PM-28 RA-07 RA-09 PL-09
5	IT Project Management and Security-by-Design	SA-03 SA-04 SA-08 SA-15 SA-17 PM-07 SA-20
6	Software Application Development and Management	SA-03 SA-08 SA-10 SA-11 SA-15 SA-16 SA-17 SA-20 SA-21 CM-14
7	IT Service Management	CM-03 SI-02 IR-04 CA-07 SI-13
8	IT Resilience	CP-01 CP-02 CP-03 CP-04 CP-05 CP-06 CP-07 CP-08 CP-09 CP-10 CP-11 CP-12 CP-13 SC-24 SI-17
9	Access Control	AC-01 AC-02 AC-03 AC-04 AC-05 AC-06 AC-07 AC-08 AC-09 AC-10 AC-11 AC-12 AC-13 AC-14 AC-15 AC-16 AC-17 AC-18 AC-19 AC-20 AC-21 AC-22 AC-23 AC-24 AC-25 IA-01 IA-02 IA-03 IA-04 IA-05 IA-06 IA-07 IA-08 IA-09 IA-10 IA-11 IA-12
10	Cryptography	SC-12 SC-13 SC-28 SC-08 SC-40
11	Data and Infrastructure Security	SC-07 CM-02 CM-06 CM-07 SI-03 SI-04 MP-01 MP-02 MP-03 MP-04 MP-05 MP-06 MP-07 CM-12 SC-41 SI-16
12	Cyber Security Operations	SI-04 AU-06 IR-04 CA-07 PM-16 RA-10 SC-44 SC-26
13	Cyber Security Assessment	CA-02 CA-08 RA-05 PM-14 RA-09
14	Online Financial Services	SC-07 SC-08 IA-02 AC-17 SC-13 SC-23 SC-45
15	Payment Card Security	SC-07 SC-28 AC-03 AU-02
16	Technology Risk Arising from Third Party Arrangements	SA-04 SA-09 SR-01 SR-02 SR-03 SR-06 SA-21