Publication

Joint international guidance: Principles and approaches to secure-by-design and by-default

About

CERT NZ, alongside the cybersecurity authorities of Australia, Canada, the United States, the United Kingdom, Germany, and the Netherlands, has published “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default.”

Details

The joint guidance urges software manufacturers to take the steps necessary to ship products that are secure-by-design and -default, creating a future where technology and associated products are safe for customers.

Security-by-Design and -Default (CISA)

The joint agencies urge manufacturers to revamp their design and development programs so that only products that are secure-by-design and -default are shipped to customers.

This guidance, the first of its kind, is intended to catalyse progress toward further investments and cultural shifts necessary to achieve a safe and secure future. In addition to specific technical recommendations, this guidance outlines several core principles to guide software manufacturers in building software security into their design processes prior to developing, configuring, and shipping their products.

  • Shifting the burden of security from the customers by taking ownership of the security outcomes of their products. Making a secure configuration the default baseline, in which products automatically enable the most important security controls needed to protect enterprises from malicious cyber actors.
  • Embracing radical transparency and accountability – for example, by ensuring vulnerability advisories and associated Common Vulnerabilities and Exposures (CVE) records are complete and accurate.
  • Building an organizational structure that provides executive level commitment for software manufacturers to prioritise security as a critical element of product development.

The full co-branded guidance can be found on the Cybersecurity and Infrastructure Security Agency (CISA) website.


Many private sector partners have made invaluable contributions toward advancing security-by-design and security-by-default. With this joint guide, the authoring agencies seek to progress an international conversation about key priorities, investments, and decisions necessary to achieve a future where technology is safe, secure, and resilient by design and default.