News

Subpage Hero

     

17 Oct 2023

Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software

NSA and Partners Issue Additional Guidance for Secure By Design Software
The joint CSI adds guidance to the “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software” report published in April 2023. The new guidance provides more detail on the three secure by design and default principles as they apply to both software manufacturers and their customers.

“We need to continue working together to proactively design, build, and deploy secure products for our critical systems,” said Rob Joyce, NSA Cybersecurity Director. “The implementation of secure by design and default principles not only increases the security posture of manufacturers’ products, but customers as well.”

As indicated in the CSI, the authoring agencies recognize the contributions from private sector partners in advancing secure by design and default implementation. The new CSI is intended to continue enabling international conversation about key priorities, investments, and decisions necessary to achieve a future where technology is safe, secure, and resilient by design and default.

The agencies recommend software manufacturers implement the strategies outlined in the CSI to take ownership of the security outcomes of their customers through secure by design and default principles. The agencies also advise that recommendations in this CSI apply to manufacturers of artificial intelligence (AI) software systems and models.

CISA authored the CSI in collaboration with the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the United Kingdom’s National Cyber Security Centre (NCSC-UK), Germany’s Federal Office for Information Security (BSI), Netherlands’ National Cyber Security Centre (NCSC-NL), the Computer Emergency Response Team New Zealand (CERT NZ) and New Zealand’s National Cyber Security Centre (NCSC-NZ), the Korea Internet & Security Agency (KISA), Israel’s National Cyber Directorate (INCD), Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and Computer Emergency Response Team Coordination Center (JPCERT), the Network of Government Cyber Incident Response Teams (CSIRT) Americas, the Cyber Security Agency of Singapore (CSA), and the Czech Republic’s National Cyber and Information Security Agency (NÚKIB).

Read the full report here.
View all News
Loading

Sponsors Included

Platinum Sponsors



 

Gold Sponsors

Silver Sponsors


 

Content Stream Sponsors



 

Partners Included

Platinum Partner

PARTNER

PARTNER

PARTNER

Partner

Partner


 

Partner


 

Partner

Partner

Partner

Partner

Partner

Partner

Partner

Travel Partner