Text of Secure by Design on grid background in a colorful isometric design

Secure by Design

It's time to build cybersecurity into the design and manufacture of technology products.
Find out here what it means to be secure by design.

As America’s Cyber Defense Agency, CISA is charged with defending our nation against ever-evolving cyber threats and to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day. But, as we introduce more unsafe technology to our lives, this has become increasingly difficult.  

As a nation, we have allowed a system where the cybersecurity burden is placed disproportionately on the shoulders of consumers and small organizations and away from the producers of the technology and those developing the products that increasingly run our digital lives. Americans need a new model to address the gaps in cybersecurity—a model where consumers can trust the safety and integrity of the technology that they use every day.

Read Now!

Secure by Design. Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software

 

 

Government cannot solve this problem alone. Technology manufacturers must increasingly embrace their role in putting consumer safety first. Technology providers and software developers must take the first step to shift this burden by claiming ownership of their customers’ security outcomes.

Featured Content

CISA Announces Secure by Design Alert Series: How Vendor Decisions Can Reduce Harm at a Global Scale

CISA leads the national effort to understandmanage, and reduce risk to our cyber and physical infrastructure. We continuously publish alerts and advisories to help defenders prioritize their work based on current threats and software vulnerabilities

The Next Chapter of Secure by Design

Four of CISA’s top cyber experts discuss the feedback CISA’s received on Secure By Design principles and outline the second iteration of CISA’s Secure by Design whitepaper.

Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design

UPDATED! Read the NEW guidance now. Joint U.S. & international guide urging software manufacturers to take necessary steps to ship products that are secure-by-design.

CISA Director Easterly Remarks at Carnegie Mellon University

Unsafe at Any CPU Speed: The Designed-in Dangers of Technology and What We Can Do About It

Stop Passing the Buck on Cybersecurity - Why Companies Must Build Safety Into Tech Products

By CISA Director Jen Easterly and Executive Assistant Director for Cybersecurity Eric Goldstein

CISA’s Cyber Experts Talk Shop on the Need for Safer Tech

Three of CISA’s top cyber experts reflect on what it means to be Secure by Design and Secure by Default and issue call to action to tech manufacturers.

Applying “Secure By Design” Thinking to Events in the News

As we navigate this landscape, a series of crucial questions arise, especially when considering alleged security threats like juice-jacking attacks. Read our latest blog to learn how these principles improve safe tech for all. 

What it Means to Be Secure by Design 

Every technology provider must take ownership at the executive level to ensure their products are both secure by design and secure by default.

What is Secure by Design?

Secure by Design products are those where the security of the customers is a core business requirement, not just a technical feature. Secure by Design principles should be implemented during the design phase of a product’s development lifecycle to dramatically reduce the number of exploitable flaws before they are introduced to the market for broad use or consumption.

What is Secure by Default?

Secure by Default products are those that are secure to use out of the box, with little to no configuration changes and are available at no additional cost, such as multi-factor authentication (MFA), gather and log evidence of potential intrusions, and control access to sensitive information.

 

CMUS Speech by Jen Easterly
Director Easterly's video remarks at CMU

Watch CISA Director Easterly's Remarks at Carnegie Mellon University

Unsafe at Any CPU Speed: The Designed-in Dangers of Technology and What We Can Do About It

Watch the video

Related News and Resources

Graphic that reads, "The Urgent Need for Memory Safety in Software Products"
SEPTEMBER 20, 2023 | BLOG

The Urgent Need for Memory Safety in Software Products

Cybersecurity Technical Advisor Bob Lord stresses the importance of memory safety in making software safer by design.
JULY 19, 2023 | PRESS RELEASE

CISA and Microsoft Partnership Expands Access to Logging Capabilities Broadly

We applaud Microsoft’s announcement to make necessary logs identified by CISA and our partners as most critical to identifying cyber-attacks available to customers without additional cost.
JULY 19, 2023 | BLOG

When Tech Vendors Make Important Logging Info Available for Free, Everyone Wins

JULY 18, 2023 | BLOG

Leading the Way with Radical Transparency

APRIL 13, 2023 | PRESS RELEASE

U.S. and International Partners Publish Secure-by-Design and -Default Principles and Approaches   

Press Release on joint product that outlines clear steps technology providers can take to increase the safety of products used around the world.
Graphic for K12 Education Technology Secure by Design Pledge

Take the Pledge!

If you are a K-12 education technology vendor and would like to join the pledge, please email us at SecureByDesign@cisa.dhs.gov.

learn more

Contact Us

Please share your thoughts by emailing us at: SecureByDesign@cisa.dhs.gov.