Hi All,
CISA just published Shifting the Balance of Cybersecurity Risk - Principles and Approaches for Security-by-Design and Default
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and the following international partners2 provide the recommendations in this guide as a roadmap for technology manufacturers to ensure the security of their products:
Australian Cyber Security Centre (ACSC)
Canadian Centre for Cyber Security (CCCS)
United Kingdom's National Cyber Security Centre (NCSC-UK)
Germany's Federal Office for Information Security (BSI)
Netherlands' National Cyber Security Centre (NCSC-NL)
Computer Emergency Response Team New Zealand (CERT NZ) and New Zealand's National Cyber Security Centre (NCSC-NZ)
This joint guide provides recommendations to manufacturers for developing a written roadmap to implement and ensure IT security. The authoring agencies recommend software manufacturers implement the strategies outlined in the sections below to take ownership of the security outcomes of their customers through Secure-by-Design and Default principles.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA
------------------------------