Updated guidance: Principles and Approaches for Secure by Design Software

New Zealand’s National Cyber Security Centre (NCSC) and CERT NZ have issued joint guidance in partnership with the United States of America’s Cybersecurity and Infrastructure Security Agency (CISA) and 15 other cyber security agencies.

This joint product, titled Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software, builds on the original product distributed earlier this year.

The original product, titled Shifting the Balance of Cybersecurity Risk: Secure-By-Design and -Default Principles, recommended that software manufacturers adopt secure-by-design and secure-by-default practices, and that customer organisations hold their manufacturers and suppliers to these standards. The product serves as a cybersecurity roadmap for manufacturers of technology and associated products.

The updated version of this product incorporates feedback from individuals and organisations, with the most common request being to provide more details on the three principles: take ownership of customer security outcomes, embrace radical transparency and accountability, and lead from the top. This product expands on the original report and touches on other themes such as manufacturer and customer size, customer maturity, and the scope of the principles.

If you have any queries about this guidance product, please contact the NCSC by email: info@ncsc.govt.nz