Loading...
Loading...
Cybersecurity built for the federal centre. Methodology aligned to MAMPU, PEKKA and the Cyber Security Act 2024. Delivered on-site to ministries, federal agencies and statutory bodies across the federal administrative capital.
Putrajaya is the seat of Malaysia's federal executive — Bank Negara Malaysia's Putrajaya complex, the Ministry of Finance, the Ministry of Science Technology and Innovation, the Ministry of Communications, the Prime Minister's Department and the bulk of the federal ministerial estate. It is where federal cybersecurity policy is set, where National Critical Information Infrastructure designation decisions originate, and where the MyDigital and Cyber Security Act 2024 operating tempo is defined.
For a cybersecurity provider, working in Putrajaya means working to a different bar — government-grade evidence discipline, alignment to the published federal frameworks (MAMPU's ICT governance, PEKKA's cybersecurity baselines), and a procurement and assurance language that is materially different from the commercial sector. nCrypt scopes our federal engagements against this bar from the first scoping call onward.
Geographically, Putrajaya sits 25 kilometres south of Kuala Lumpur and 20 kilometres north of KLIA, connected by KLIA Transit and the ELITE / MEX trunk roads. Our Klang Valley delivery team mobilises on-site within an hour for scoping calls and workshops, and within four hours for incident-response engagements as part of our IR retainer SLA.
Three frameworks define the operating language of federal cybersecurity in Malaysia. MAMPU (Unit Pemodenan Tadbiran dan Perancangan Pengurusan Malaysia) governs federal ICT modernisation and the public sector ICT operating model — including data centre standards, application architecture and the assurance posture for federal-tier ICT. PEKKA, in its current iteration of federal cybersecurity governance, sets out the controls baselines and assurance expectations agencies are expected to meet. The Cyber Security Act 2024, administered by NACSA, provides the legal and regulatory architecture for National Critical Information Infrastructure designation, mandatory incident reporting and licensed cybersecurity service provider procurement.
nCrypt's federal engagements are scoped to satisfy all three. Findings are reported in the language MAMPU and PEKKA use, mapped to the obligations the Act creates, and structured so that the agency's internal cybersecurity unit can operationalise the recommendations directly. We do not deliver commercial-grade reports into a federal context expecting the agency to translate.
Cabinet ministries headquartered across the federal complex — penetration testing, ISMS readiness, incident response retainer.
Federal-tier statutory bodies and agencies operating under ministerial mandates — RMiT-adjacent regulated entities, sectoral regulators and operational agencies.
Government-linked companies and investment companies with Putrajaya HQ — commercial-grade engagement scoped to GLIC governance expectations.
nCrypt is in the process of formal NACSA cybersecurity service provider licensing under the Cyber Security Act 2024 and is positioning for relevant MAMPU and ministry-tier procurement panels as those mechanisms publish their refreshed criteria. We deliver to federal agencies today through direct engagement and through our role on relevant prime contractor and SI subcontracts. We are happy to walk through procurement-route options on a scoping call.
MAMPU (Unit Pemodenan Tadbiran dan Perancangan Pengurusan Malaysia) is the federal agency responsible for ICT modernisation, governance and the public sector ICT framework. PEKKA (or its current iteration of federal cybersecurity governance documents) sets out the cybersecurity baselines that federal agencies are expected to meet. nCrypt scopes federal engagements against the published MAMPU and PEKKA expectations — meaning the deliverable is structured to map to the audit and assurance language the agency's own internal cybersecurity unit is operating in. This dramatically shortens the agency's path from our report to internal action.
NACSA (National Cyber Security Agency) is the cybersecurity coordination authority under the Cyber Security Act 2024 and is the regulator most federal agencies will increasingly interact with on incident reporting, NCII designation and licensed-provider procurement. Working with a provider that scopes engagements against NACSA's framework — and that is proximate physically and procedurally to NACSA's evolving guidance — reduces the friction of reconciling our findings against the regulator's emerging expectations.
We handle confidential commercial and personal data routinely under formal NDA and ISO 27001-aligned information handling controls (our ISMS is currently undergoing audit). For formally classified federal material under government information classification regimes, we work to the agency's own classified-handling instructions and personnel-vetting requirements as scoped contractually. Discuss your specific classification context on the scoping call.
Our delivery team is headquartered in Sunway Geo Avenue in the Klang Valley, approximately 30-40 minutes by KLIA Transit or trunk-road from Putrajaya depending on traffic. We deliver on-site at agency premises in Putrajaya and at the federal cyber estate across the Klang Valley as scoped — workshops, assessments, debriefs and incident-response engagements run on the agency's premises by default unless secure remote engagement is preferred.
30-minute scoping call. MAMPU/PEKKA-aligned methodology. NACSA Cyber Security Act 2024 readiness for federal agencies and statutory bodies.
Request Federal Scoping Call