Secure Your Products

Protect your customers by making your products “Secure by Design.”

Improve Security Outcomes for Your Customers  

As a technology provider, you know that individual and business customers use the products you create every day. They use them to store their sensitive data on critical internet-facing systems that directly impact economic prosperity, livelihoods and even health. Your products and the systems they connect to are under constant attack by threat actors seeking to disrupt our way of life and steal data.

Yet, the burden of such threats often falls most heavily on those who are the least prepared to deflect them—individuals and small and medium businesses. CISA urges technology providers to change this paradigm and make products Secure by Design.

Secure by Design is a set of core principles for technology providers to build product safety into their processes to design, implement, configure, ship and maintain their products. The goal is to help us achieve a safe and secure future. You can take ownership of improving the security outcomes of your customers by designing and developing products that are safer out of the box, helping all of us to Secure Our World.

What is “Secure by Design”? 

“Secure by Design” changes the focal points of product design and development processes. The aim should be to prevent your customers from having to constantly monitor, bolt on other security products and perform damage control on their systems to mitigate cyber intrusions. So, design your products to minimize security flaws and sell them with default settings that make them safe “out of the box.”

Secure-by-design products are those where customer security is a core business goal, not just a technical feature. Secure-by-design products start with that goal before development begins. Providers should:

  • Build technology products that reasonably protect against malicious cyber actors successfully gaining access to devices, data and connected infrastructure
  • Perform a risk assessment to identify and enumerate prevalent cyber threats to critical systems, and then include protections in product blueprints that account for the evolving cyber threat landscape

By implementing Secure by Design principles during the design phase of your product’s development lifecycle, you can dramatically reduce the number of exploitable flaws before the product goes to market. By "shifting left," manufacturers can focus on preventing the introduction of well-known and easily exploited defects into their products. 

When products are Secure by Design, they are secure to use out of the box with little to no configuration changes or additional charges. They include security features at no additional cost to the consumer. Such features may include:

  • Enabling multifactor authentication (MFA)
  • Gathering and logging evidence of potential intrusions
  • Controlling access to sensitive information (such as Single Sign On)

Secure by Design products are designed to make customers acutely aware that when they deviate from safe defaults, they are increasing the likelihood of compromise unless they implement additional compensating controls.

“Secure by Design” moves much of the security burden to technology providers and reduces the chances that customers will fall victim to security incidents resulting from misconfigurations, insufficiently fast patching or many other common issues.

For more information, check out our Secure by Design page, where you can download our paper on Shifting the Burden of Cybersecurity Risk, read our latest Secure by Design alerts and check out our blogs. 

Related Content

Secure Our World

Simple ways to protect yourself, your family and your business from online threats.

October is Cybersecurity Awareness Month

Download the free Cybersecurity Awareness Month 2024 toolkit!

Secure by Design

It’s time to build cybersecurity into the design and manufacture of technology products. Find out here what it means to be secure by design.

Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design

Learn more about Secure by Design, including the three core principles in this guide published jointly by CISA, FBI, NSA, and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, Netherlands and New Zealand.
