Text of Secure by Design on grid background in a colorful isometric design

Secure by Design

It's time to build cybersecurity into the design and manufacture of technology products.

As America’s Cyber Defense Agency, CISA is charged with defending our nation against ever-evolving cyber threats and to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day. But, as we introduce more unsafe technology to our lives, this has become increasingly difficult.  

As a nation, we have allowed a system where the cybersecurity burden is placed disproportionately on the shoulders of consumers and small organizations and away from the producers of the technology and those developing the products that increasingly run our digital lives. Americans need a new model to address the gaps in cybersecurity—a model where consumers can trust the safety and integrity of the technology that they use every day.

Every technology provider must take ownership at the executive level to ensure their products are secure by design.

What it Means to Be Secure by Design 

Secure by Design products are those where the security of the customers is a core business requirement, not just a technical feature. Secure by Design principles should be implemented during the design phase of a product’s development lifecycle to dramatically reduce the number of exploitable flaws before they are introduced to the market for broad use or consumption. Products should be secure to use out of the box, with secure configurations enabled by default and security features such as multi-factor authentication (MFA), logging, and single sign on (SSO) available at no additional cost.

Intro Video

Bob Lord, Senior Technical Advisor and Jack Cable, Senior Technical Advisor discuss why it's time to build cybersecurity into the design and manufacture of technology products.

Read our Secure by Design White Paper:

Secure by design type treatment on dark blue graphic for Shifting the Balance of Cybersecurity Risk

Government cannot solve this problem alone. Technology manufacturers must increasingly embrace their role in putting consumer safety first. Technology providers and software developers must take the first step to shift this burden by claiming ownership of their customers’ security outcomes.

Blogs and Alerts

Alerts

Secure by Design Alerts

This series highlights how software manufacturers can avert major emerging cyber incidents by implementing secure by design principles.

Latest Alert: Secure by Design Alert: Security Design Improvements for SOHO Device Manufacturers

blogs

Secure by Design Blogs

Learn what's top of mind at CISA and our efforts to help make technology products secure by design.

Latest Blog: We Must Consider Software Developers a Key Part of the Cybersecurity Workforce

Jen Easterly at Carnegie Mellon University

Watch CISA Director Easterly's Remarks at Carnegie Mellon University

Unsafe at Any CPU Speed: The Designed-in Dangers of Technology and What We Can Do About It

Read the transcript

Watch the video

Featured Content

FEBRUARY 21, 2024 | PRESS RELEASE

CISA, OMB, ONCD and Microsoft Efforts Bring New Logging Capabilities to Federal Agencies

OCTOBER 16, 2023 | PRESS RELEASE

CISA, U.S. and International Partners Announce Updated Secure by Design Principles Joint Guide

DECEMBER 06, 2023 |

The Case for Memory Safe Roadmaps

Download File (PDF, 972.51 KB)
FEBRUARY 01, 2023 | OTHER

Stop Passing the Buck on Cybersecurity

By CISA Director Jen Easterly and Executive Assistant Director for Cybersecurity Eric Goldstein
Download File (PDF, 187.48 KB)
Graphic for K12 Education Technology Secure by Design Pledge

Take the K-12 Pledge

If you are a K-12 education technology vendor and would like to join the pledge, please email us at SecureByDesign@cisa.dhs.gov.

learn more

Contact Us

Please share your thoughts by emailing us at: SecureByDesign@cisa.dhs.gov.