Publication

Security-by-Design and -Default

Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default

CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, Netherlands, and New Zealand (CERT NZ, NCSC-NZ) jointly developed Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default. This first-of-its-kind joint guidance urges manufacturers to take urgent steps necessary to ship products that are secure-by-design and -default.

In addition to specific technical recommendations, this guidance outlines several core principles to guide software manufacturers in building software security into their design processes prior to developing, configuring, and shipping their products.

Many private sector partners have made invaluable contributions toward advancing security-by-design and security-by-default. With this joint guide, the authoring agencies seek to progress an international conversation about key priorities, investments, and decisions necessary to achieve a future where technology is safe, secure, and resilient by design and default.

Feedback on this guide is welcome and can be sent to: SecureByDesign@cisa.dhs.gov.