CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords

Release Date

Today, CISA published guidance on How Manufacturers Can Protect Customers by Eliminating Default Passwords as a part of our new Secure by Design (SbD) Alert series.

This SbD Alert urges technology manufacturers to proactively eliminate the risk of default password exploitation by implementing principles one and three of the joint guidance, Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software:

  • Take ownership of customer security outcomes.
  • Build organizational structure and leadership to achieve these goals. 

By implementing these two principles in their design, development, and delivery processes, software manufactures will prevent exploitation of static default passwords in their customers’ systems. CISA urges technology manufacturers to read and implement the guidance in this second SbD Alert in our new series that focuses on how vendor decisions can reduce harm at a global scale.

This product is provided subject to this Notification and this Privacy & Use policy.