The proposed eligibility criteria for successful application for this Tax Allowance are as follows:

1. The applying company must be registered and in good standing with the Registrar General’s Company’s Registry and Company’s Ordinance

2. The applying company must be the end user of the Cybersecurity Software or Network Security Monitoring Equipment.

a. Resellers, vendor, distributors, etc.; can only apply for this allowance for items to be used in their own operation, and not items for resale or transfer to another entity.

3. The expenditure must be made within the calendar years of 2024 and 2025.

a. Receipt of the software or tool can be done outside the timeframe stipulated.

b. Installation date does not have to be within the period.

c. Items that have been returned or rebated are not eligible for this allowance, regardless of when the item was returned or rebated.

d. Where a PO is generated within the Allowance period but the expenditure is made thereafter, such applications will not be valid.

4. VAT will be considered in either of the following ways:

a. If a company is VAT Registered, the allowance will be only applicable on the VAT Exclusive cost associated;

b. If a company is not VAT Registered, the allowance will be processed on the full VAT Inclusive cost associated with the investment.

5. The Allowance will be applicable to any new purchases, as well as expenses such as subscriptions, cloud service purchases, licence purchases, etc.

Security standards and certifications of compliance are used to assure information security best practices are designed into the manufacture of cybersecurity products. 

Benefits of standards are:

1. Provides assurance concerning the effectiveness and reliability of cybersecurity and network monitoring software.

2. Provides assurance the provider adheres to the acquiring organisation’s requirements for secured data access and protects the confidentiality of data.

3. Assists the acquiring organisation’s IT vendor risk assessment and management.

4. Mitigates the risk that incremental risks will be introduced to the acquiring organisation’s business environment.

5. Provides the acquirer independent, third-party security certificates of compliance via annual security audits in the case of SOC 2 Type II and ISO/IEC 27001 that the provider’s information security programme is robust.

6. Minimises the impact where the right-to-audit a provider has not been established and provides an inexpensive route for the acquirer to be assured of the cybersecurity maturity of the provider’s products and services.

Relevant standards and certification of compliance for cybersecurity software and network security monitoring equipment include:

1. ISO/IEC 27001: The standards provides a framework for implementing, managing, and maintaining an organisation’s information security management system and for the operation of network security monitoring systems.

2. SOC 2 (System and Organization Controls 2): Developed by the American Institute of CPAs (AICPA), SOC 2 , SOC 2 reports provide assurance on the controls related to security, availability, processing integrity, confidentiality, and privacy of the provider’s organization’s cybersecurity software and network monitoring products.

3. NIST Cybersecurity Framework and NIST SP 800-53: Developed by the National Institute of Standards and Technology (NIST), this framework provides guidance on managing and reducing cybersecurity risks. It consists of a set of standards, guidelines, and best practices that help organizations improve their cybersecurity posture. NIST Special Publication 800-53: This publication provides security controls for federal information systems and organizations. It includes controls specifically related to continuous monitoring.

4. PCI (Payment Card Industry): This body provides a set of security standards designed to ensure that all companies and vendors that accept, process, store, or transmit credit card information maintain a secure environment. Examples of relevant PCI standards for security software are PCI PINS and PCI ASV.

5. Common Criteria (ISO/IEC 15408): Common Criteria is an international standard for evaluating the security features and capabilities of IT products. It provides a framework for specifying security requirements and for evaluating the security functions of products.

6. FIPS (Federal Information Processing Standards): FIPS are standards developed by the United States federal government for use in computer systems by non-military government agencies and government contractors. FIPS standards cover various aspects of information security, including encryption algorithms and cryptographic modules.

7. ISO/IEC 27017: This standard specifically focuses on cloud security, providing additional guidance and controls for cloud service providers, that are managed security service providers and third-party market place security as a service organisation, and their customers. ISO/IEC 27017 supplements ISO/IEC 27001 by addressing specific cloud-related security concerns.

8. GDPR (General Data Protection Regulation): Compliance with GDPR is crucial for in-house solutions and cloud providers that handle personal data of European Union (EU) residents. GDPR mandates various security and privacy measures, including data encryption, data minimization, and user consent mechanisms.

9. HIPAA (Health Insurance Portability and Accountability Act: HIPAA sets standards for protecting sensitive patient health information (PHI) and requires safeguards such as access controls, encryption, and auditing.

10. CSA STAR (Cloud Security Alliance Security, Trust & Assurance Registry): CSA STAR provides a registry of cloud service providers (CSPs), including those that are managed security service providers and third-party market place security-as-a-service organisations, that have completed the Consensus Assessments Initiative Questionnaire (CAIQ) and undergone third-party assessments against the Cloud Controls Matrix (CCM).

11. Cybersecurity Capability Maturity Model (CCMM) and Cybersecurity Maturity Model Certification (CMMC) are a framework and certification process developed by the United States Department of Defense (DoD). CMMC provides a structured approach to evaluating and improving cybersecurity capabilities, ensuring that contractors and suppliers meet specific security requirements when handling sensitive government information.

Cybersecurity software refers to a category of specialized programs and applications designed to safeguard computer systems, networks, and data from unauthorized access, attacks, and other security threats. These software solutions are developed to detect, prevent, respond to, and recover from a wide range of cyber threats, including malware, ransomware, phishing attacks, and more.

Key elements of cybersecurity software include:
1. Prevention: Cybersecurity software aims to prevent security incidents by implementing protective measures such as firewalls, antivirus, and intrusion detection systems.
2. Detection: These programs actively monitor and analyse system activities, network traffic, and user behaviour to identify and alert on potential security threats.
3. Response: In the event of a security incident, cybersecurity software facilitates a coordinated response, helping organizations contain and mitigate the impact of the threat.
4. Recovery: Cybersecurity software contributes to the recovery process by assisting in restoring affected systems, data, and services to a secure and operational state.

The following list provides a breakdown of the categories of software, with examples, of what will be considered valid for the Tax Allowance.

Please note that as this industry is always evolving, this list is non-exhaustive.

Types of Cybersecurity Software
1. Antivirus and Anti-Malware:
Detects, prevents, and removes malicious software, including viruses, worms, and trojans.

2. Software Firewall:
Controls and monitors incoming and outgoing network traffic based on predetermined security rules.

3. Intrusion Detection and Prevention Systems (IDPS):
Monitors network or system activities for malicious or suspicious behaviour and takes action to prevent or stop detected threats.

4. Virtual Private Network (VPN):
Secures network connections over the internet, ensuring confidentiality and privacy.

5. Encryption Software:
Protects sensitive data by converting it into a secure code, making it unreadable without the appropriate decryption key.

6. Endpoint Protection:
Secures individual devices (endpoints) from cyber threats, including antivirus, anti-malware, and device control.

7. Data Loss Prevention (DLP):
Monitors, detects, and prevents unauthorized access, sharing, or leakage of sensitive data.

8. Identity and Access Management (IAM):
Manages and controls user identities, access permissions, and authentication processes.

9. Multi-Factor Authentication (MFA):
Requires users to provide multiple forms of identification to access systems or data.

10. Network Traffic Analysers:
Solutions, both hardware appliances and software applications, that analyse network traffic patterns, protocols, and behaviours to identify anomalies and potential security threats.

11. Security Information and Event Management (SIEM):
Collects, analyses, and correlates log data from various sources to identify and respond to security incidents.

12. Security Orchestration, Automation, and Response (SOAR):
Streamlines and automates security processes to improve response times and reduce manual efforts.

13. Security Awareness Training:
Provides training modules to educate users on cybersecurity best practices and raise awareness about potential threats.

14. Web Application Firewall (WAF):
Protects web applications from various attacks, including SQL injection and cross-site scripting (XSS).

15. Incident Response Platforms:
Facilitates the organization’s response to cybersecurity incidents, including communication, coordination, and remediation.

16. Backup and Disaster Recovery (DR):
Ensures data backup and recovery processes are in place to minimize downtime and data loss in the event of a cyber incident.

17. Mobile Device Management (MDM):
Manages and secures mobile devices, enforcing policies and ensuring compliance.

18. Vulnerability Management:
Identifies, assesses, and prioritizes vulnerabilities in systems and networks.

19. Patch Management:
Ensures that software, operating systems, and applications are up-to-date with the latest security patches.

20. Forensic Tools:
Assists in the investigation and analysis of security incidents, helping to identify the root cause and extent of a breach.

21. Governance, Risk Management, and Compliance (GRC):
Assists in managing and mitigating cybersecurity risks while ensuring compliance with regulatory requirements.

22. Container Security:
Secures containers and containerized applications, addressing the unique security challenges in containerized environments.

23. Cloud Security:
Addresses security challenges associated with cloud computing, including data protection, identity management, and compliance.

24. Threat Intelligence Platforms:

Aggregates, analyses, and shares threat intelligence to enhance proactive threat detection and response.

25. Security Assessment and Penetration Testing:
Conducts simulated cyberattacks to identify vulnerabilities and weaknesses in systems and networks.

26. Security Analytics:
Analyses large sets of data to uncover patterns and trends indicative of potential security threats.

27. Artificial Intelligence (AI) and Machine Learning (ML) Security:
Utilizes AI and ML algorithms to enhance threat detection, incident response, and security automation.

28. Network Behaviour Analysis (NBA) Tools:
Software solutions that analyse network behaviours, identifying deviations from normal patterns and aiding in the detection of unusual or suspicious activities.

29. Facial Recognition and Biometric Security:
Provides identity verification through facial recognition, fingerprint scans, or other biometric measures.

30. Application Security Testing (AST):
Identifies and addresses security vulnerabilities in software applications through testing and analysis.

31. Threat Intelligence Platforms:

Software platforms that integrate threat intelligence feeds and data to enhance the identification of known and emerging threats within network traffic.

32. Security Awareness and Phishing Simulation Tools:
Conducts simulated phishing exercises and provides training to educate users on recognizing and avoiding phishing attacks.

Cybersecurity cloud services and online platforms will also fall under the category of Software and will be eligible for the Tax Allowance under this process.

Network Security Monitoring (NSM) Equipment

Network Security Monitoring (NSM) equipment refers to specialized hardware and software solutions designed to actively and passively monitor and analyse network traffic for the purpose of detecting and responding to security incidents. The primary goal of NSM is to provide real-time visibility into the activities occurring within a network, identifying potential security threats, anomalies, or malicious behaviour.

Key aspects of NSM equipment include:

1. Traffic Analysis: NSM equipment performs continuous analysis of network traffic, examining packets, sessions, and protocols to identify patterns indicative of security incidents or suspicious activities.

2. Packet Capture and Inspection: NSM tools capture and inspect network packets to analyse the contents of communication, allowing for the identification of malicious payloads, vulnerabilities, or abnormal behaviour.

3. Anomaly Detection: NSM equipment employs algorithms and heuristics to detect deviations from established baselines, signalling potential security threats or abnormal network behaviour.

4. Intrusion Detection and Prevention: NSM devices may include intrusion detection and prevention capabilities to identify and block known or suspected malicious activities.

5. Logging and Logging Analysis: NSM solutions generate detailed logs and event data, which can be further analysed for forensic purposes, compliance reporting, and ongoing security monitoring.

6. Incident Response Support: NSM equipment assists in incident response efforts by providing timely alerts, contextual information, and data required for investigating and mitigating security incidents.

7. Network Forensics: NSM tools often include features for capturing and storing historical network data, facilitating forensic analysis and retrospective investigation of security incidents.

8. Security Information and Event Management (SIEM) Integration: NSM equipment is often integrated with SIEM solutions to correlate and analyse network security events within the broader context of an organization’s security posture.

The following list provides a breakdown of the categories of NSM equipment, with examples, of what will be considered valid for the Tax Allowance.

Please note that as this industry is always evolving, this list is non-exhaustive.

Type of Network Security Monitoring Equipment
1. Network Intrusion Detection Systems (NIDS):
Physical appliances designed to passively monitor and analyse network traffic, detecting patterns indicative of security threats.

2. Network Intrusion Prevention Systems (NIPS):
Devices that build on NIDS capabilities but also have the ability to actively prevent or block identified malicious traffic.

3. Packet Sniffers:
Tools or devices that capture and analyse network packets, providing detailed insights into the content and structure of data flowing through a network.

4. Flow-based Network Security Monitoring:
Solutions that focus on analysing network flows, providing insights into communication patterns, data transfer, and potential security incidents based on flow data.

5. Deep Packet Inspection (DPI) Appliances:
Devices that inspect the content of network packets at a deep level, allowing for detailed analysis of application-layer protocols and identification of malicious payloads.

6. Network Forensics Appliances:
Hardware appliances designed to capture and store network traffic data for forensic analysis, facilitating the investigation of security incidents.

7. DNS Security Appliances:
Tools or devices designed to monitor and secure DNS (Domain Name System) traffic, helping detect and prevent DNS-related security threats.

8. SSL/TLS Decryption Appliances:
Devices that decrypt and inspect encrypted SSL/TLS traffic to identify and block potential threats hiding in encrypted communications.