The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), in collaboration with CISA, the Canadian Centre for Cyber Security (CCCS), the United Kingdom’s National Cyber Security Centre (NCSC-UK), and the New Zealand National Cyber Security Centre (NCSC-NZ), has released new guidance titled “Secure by Design: Choosing Secure and Verifiable Technologies.” This document aims to assist organizations in making secure and informed decisions when procuring digital products and services. The guidance offers a range of internal and external considerations and provides sample questions that can be used at each stage of the procurement process to ensure security is a top priority.
This collaborative effort emphasizes the importance of integrating secure by design principles into the procurement of digital products and services. It also outlines steps manufacturers should take to align their development processes with these principles, promoting a culture of security from the ground up. Organizations are encouraged to use this guidance to improve their cybersecurity posture by making informed choices that prioritize security and verifiability.
CISA and its international partners highlight the significance of this guidance in helping organizations navigate the complex landscape of digital product procurement. By following the secure by design considerations, organizations can better protect themselves against cyber threats and vulnerabilities. The document is a crucial resource for both procurers and manufacturers, fostering a more secure digital ecosystem.
To learn more about secure by design principles and practices, organizations and manufacturers are encouraged to visit CISA’s Secure by Design webpage. It provides additional information and tools to support the adoption of secure by design methodologies, so that security is embedded throughout the product lifecycle.