buildsecurityin.us-cert.govSecure by Design | CISA

An official website of the United States government Here’s how you know Here’s how you know Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites. Free Cyber Services #protect2024 Secure Our World Shields Up Report A Cyber Issue Search Menu Close Topics Topics Cybersecurity Best Practices Cyber Threats and Advisories Critical Infrastructure Security and Resilience Election Security Emergency Communications Industrial Control Systems Information and Communications Technology Supply Chain Security Partnerships and Collaboration Physical Security Risk Management How can we help? Government Educational Institutions Industry State, Local, Tribal, and Territorial Individuals and Families Small and Medium Businesses Find Help Locally Faith-Based Community Executives High-Risk Communities Spotlight Resources & Tools Resources & Tools All Resources & Tools Services Programs Resources Training Groups News & Events News & Events News Events Cybersecurity Alerts & Advisories Directives Request a CISA Speaker Congressional Testimony CISA Conferences CISA Live! Careers Careers Benefits & Perks HireVue Applicant Reasonable Accommodations Process Hiring Resume & Application Tips Students & Recent Graduates Veteran and Military Spouses Work @ CISA About About Culture Divisions & Offices Regions Leadership Doing Business with CISA Site Links Reporting Employee and Contractor Misconduct CISA GitHub CISA Central 2023 Year In Review Contact Us Free Cyber Services #protect2024 Secure Our World Shields Up Report A Cyber Issue Breadcrumb Home Topics Cybersecurity Best Practices Share: Secure by Design It’s time to build cybersecurity into the design and manufacture of technology products. As America’s Cyber Defense Agency, CISA is charged with defending our nation against ever-evolving cyber threats and to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day. But, as we introduce more unsafe technology to our lives, this has become increasingly difficult. As a nation, we have allowed a system where the cybersecurity burden is placed disproportionately on the shoulders of consumers and small organizations and away from the producers of the technology and those developing the products that increasingly run our digital lives. Americans need a new model to address the gaps in cybersecurity—a model where consumers can trust the safety and integrity of the technology that they use every day. Every technology provider must take ownership at the executive level to ensure their products are secure by design. What it Means to Be Secure by Design Secure by Design products are those where the security of the customers is a core business requirement, not just a technical feature. Secure by Design principles should be implemented during the design phase of a product’s development lifecycle to dramatically reduce the number of exploitable flaws before they are introduced to the market for broad use or consumption. Products should be secure to use out of the box, with secure configurations enabled by default and security features such as multi-factor authentication (MFA), logging, and single sign on (SSO) available at no additional cost. Unsafe At Any Speed: CISA’s Plan to Foster Tech Ecosystem Security Bob Lord, Senior Technical Advisor and Jack Cable, Senior Technical Advisor discuss why it’s time to build cybersecurity into the design and manufacture of technology products. Watch the Video Take the Pledge If you are an enterprise software manufacturer and would like to join the pledge, please email us . learn more Key Resources Watch CISA Director Easterly’s Remarks at Carnegie Mellon University Unsafe at Any CPU Speed: The Designed-in Dangers of Technology and What We Can Do About It. Secure by Design Alerts This series highlights how software manufacturers can avert major emerging cyber incidents by implementing secure by design principles. Latest Alert: Secure by Design Alert: Eliminating Directory Traversal Vulnerabilities in Software Secure by Design Blogs Learn what’s top of mind at CISA and our efforts to help make technology products secure by design. Latest Blog: We Must Consider Software Developers a Key Part of the Cybersecurity Workforce Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software Technology manufacturers must increasingly embrace their role in putting consumer safety first. Technology providers and software developers must take the first step to shift this burden by claiming ownership of their customers’ security outcomes. CISA’s Secure by Design Pledge Launch Event 68 of the world’s leading software manufacturers to voluntarily committed to CISA’s Secure by Design pledge to design products with greater security built in. Featured Content MAY 08, 2024 | PRESS RELEASE CISA Announces Secure by Design Commitments from Leading Technology Providers FEBRUARY 21, 2024 | PRESS RELEASE CISA, OMB, ONCD and Microsoft Efforts Bring New Logging Capabilities to Federal Agencies OCTOBER 16, 2023 | PRESS RELEASE CISA, U.S. and International Partners Announce Updated Secure by Design Principles Joint Guide DECEMBER 06, 2023 | The Case for Memory Safe Roadmaps Download File (PDF, 972.51 KB) Contact Us Please share your thoughts by emailing us at: SecureByDesign@cisa.dhs.gov . Return to top Topics Spotlight Resources & Tools News & Events Careers About Cybersecurity & Infrastructure Security Agency Facebook Twitter LinkedIn YouTube Instagram RSS CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov DHS Seal CISA.gov An official website of the U.S. Department of Homeland Security About CISA Accessibility Budget and Performance DHS.gov FOIA Requests No FEAR Act Office of Inspector General Privacy Policy Subscribe The White House USA.gov Website...