NSA and Partners Issue Additional Guidance for Secure By Design … – National Security Agency

Official websites use .gov
Secure .gov websites use HTTPS

FORT MEADE, Md. – The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners released an updated Cybersecurity Information Sheet (CSI) to provide additional guidance for technology manufacturers to ensure their products are secure by design and default.   

The joint CSI adds guidance to the “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software” report published in April 2023. The new guidance provides more detail on the three secure by design and default principles as they apply to both software manufacturers and their customers.

“We need to continue working together to proactively design, build, and deploy secure products for our critical systems,” said Rob Joyce, NSA Cybersecurity Director. “The implementation of secure by design and default principles not only increases the security posture of manufacturers’ products, but customers as well.”

As indicated in the CSI, the authoring agencies recognize the contributions from private sector partners in advancing secure by design and default implementation. The new CSI is intended to continue enabling international conversation about key priorities, investments, and decisions necessary to achieve a future where technology is safe, secure, and resilient by design and default.

The agencies recommend software manufacturers implement the strategies outlined in the CSI to take ownership of the security outcomes of their customers through secure by design and default principles. The agencies also advise that recommendations in this CSI apply to manufacturers of artificial intelligence (AI) software systems and models.

CISA authored the CSI in collaboration with the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the United Kingdom’s National Cyber Security Centre (NCSC-UK), Germany’s Federal Office for Information Security (BSI), Netherlands’ National Cyber Security Centre (NCSC-NL), the Computer Emergency Response Team New Zealand (CERT NZ) and New Zealand’s National Cyber Security Centre (NCSC-NZ), the Korea Internet & Security Agency (KISA), Israel’s National Cyber Directorate (INCD), Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and Computer Emergency Response Team Coordination Center (JPCERT), the Network of Government Cyber Incident Response Teams (CSIRT) Americas, the Cyber Security Agency of Singapore (CSA), and the Czech Republic’s National Cyber and Information Security Agency (NÚKIB).

Read the full report here.
 
Visit our full library for more cybersecurity information and technical guidance.
NSA Media Relations
MediaRelations@nsa.gov
443-634-0721
Civil Liberties, Privacy, & Transparency Office
Diversity, Equity, Inclusion, & Accessibility

source

Related Posts

After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack – WDRB

Spotty shower possible. Storms after midnight Updated: April 16, 2024 @ 12:31 pmNorton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to…

Read more

CA's top cybersecurity job has been vacant for almost 2 years – CalMatters

Technology Californians get hacked all the time. The state’s top cybersecurity job is vacant In summaryGov. Newsom has yet to appoint a commander who is tasked with informing businesses and…

Read more

13 Cyber Security Measures Your Small Business Must Take – Tech.co

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn MoreCybersecurity has been important to…

Read more

AVG Antivirus Free review – Ghacks

AVG AntiVirus Free is a longstanding security program for Microsoft Windows that protects computer systems from viruses, trojans and other malicious code.One interesting fact about AVG is that it maintains…

Read more

Vlog Episode #247: Chris Long on Improving Technical SEO Skills & Playing Offense SEO – Search Engine Roundtable

In part one, we learned about Chris Long and his experience working with Bill Slawski. Then, in part two, we spoke about helping people with SEO on LinkedIn and using…

Read more

Information Security Vs. Cybersecurity: What's The Difference? – Forbes

Information Security Vs. Cybersecurity: What’s The Difference?  Forbessource

Read more

Leave a Reply

Your email address will not be published. Required fields are marked *