News Own Your Online External Link Report it
News Own Your Online External Link
  1. Welcome to the National Cyber Security Centre
  2. Protect your organisation
  3. Modern defensible architecture
Joint Guidance

Modern defensible architecture

Take practical and proactive steps to minimise harm to your most critical systems. This publication series on modern defensible architecture provides organisations with a clear pathway to begin investment and implementation.

Roles & Audiences

IT Specialist Decision makers Government Large organisations

PUBLISHED DATE: 23 October 2025

Designing and implementing architectural improvements to an information environment takes significant time, resources and investment. However, while difficult, investing in and implementing modern defensible architecture delivers significant benefits to organisations.

Modern defensible architecture builds resiliency, supports continuous delivery of business services, empowers users to work securely, and provides visibility of organisational compliance with security policies.

Organisations can take practical and proactive steps in the design and build of their IT environments to significantly minimise the risk of harm to their most critical systems. 

Adopting a modern defensible architecture approach can help you to prepare for and plan to adopt technologies based on:

  • traceability of architectural designs to business objectives,
  • zero trust principles of “never trust, always verify”, assume breach and verify explicitly, implemented through zero trust architecture, and
  • secure-by-design practices that institute a security mindset within organisations when it comes to procuring or developing software products and services.

This publication series includes the following guidance:

Foundations for modern defensible architecture (updated) - Written for technical security and enterprise architects. The foundations represent organisational goals or capabilities that will facilitate a more efficient adoption of zero trust technologies and architecture.

Foundations for modern defensible architecture [PDF, 2 MB]

Modern defensible architecture for senior decision makers - Assists senior decision makers understand the contemporary threat landscape and how MDA can help organisations defend against current and emerging threats.

Modern defensible architecture for senior decision makers [PDF, 582 KB]

Investing in modern defensible architecture - Helps organisations to develop a modern defensible architecture investment roadmap based on their organisational strategy, business and security objectives, risk profile and threat context.

Investing in modern defensible architecture [PDF, 919 KB]

This guidance was released with the following partners:

  • Australian Cyber Security Centre - Australian Signals Directorate
  • Canadian Centre for Cyber Security – Canada
  • Bundesamt für Sicherheit in der Informationstechnik – Germany
  • National Cybersecurity Office – Japan
  • JPCERT Coordination Centre – Japan
  • National Police Agency – Japan
  • National Intelligence Service – Republic of Korea
  • National Cyber and Information Security Agency – Czechia.

Topics

Secure technology Governance Software security Access control Investment Information security