17 October 2023
New Zealand’s National Cyber Security Centre (NCSC) and CERT NZ have issued joint guidance in partnership with the United States Cybersecurity and Infrastructure Security Agency (CISA) and 15 other cyber security agencies.
This joint product, Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software, builds on the original version released earlier this year.
The original guidance, Shifting the Balance of Cybersecurity Risk: Secure-by-design and -default Principles, emphasised the need for software manufacturers to adopt secure-by-design and secure-by-default practices. It also called on customer organisations to hold manufacturers and suppliers to these standards. The publication serves as a cyber security roadmap for manufacturers of technology and associated products.
The updated version incorporates feedback from individuals and organisations. The most common request was for more detail on the three core principles:
- take ownership of customer security outcomes,
- embrace radical transparency and accountability, and
- lead from the top.
This expanded version also explores themes such as manufacturer and customer size, customer maturity, and the scope of the principles.
For questions about this guidance, contact the NCSC by email at info@ncsc.govt.nz.