Shifting the Balance of Cybersecurity Risk: Security-by-Design and Default Principles serves as a cybersecurity roadmap for manufacturers of technology and associated products. With the recommendations in this guide, manufacturers are urged to put cybersecurity first during the design phase of a product’s development lifecycle, to decrease user risk and provide out-of-the-box user protections by default at no extra charge.
This guide represents an international effort to reduce exploitable vulnerabilities in technology used by the government and private sector organizations. The authoring agencies are CISA, Federal Bureau of Investigation, National Security Agency, Australian Cyber Security Centre, Canadian Centre for Cyber Security, New Zealand’s Computer Emergency Response Team, United Kingdom’s National Cyber Security Centre, Germany’s Federal Office for Information Security (BSI), and the Netherlands’ National Cyber Security Centre. The authoring agencies recognize the contributions by many private sector partners in advancing Security-by-Design and -Default.
For more information on the importance of product security, see CISA’s blog article The Cost of Unsafe Technology and What We Can Do About It.