CISA Issues International Security-by-Design and Security-by-Default Guidance for Software Manufacturers and Customers
The Federal Bureau of Investigation, National Security Agency, and cybersecurity authorities in Australia, Canada, United Kingdom, Germany, Netherlands, and New Zealand jointly developed Security-by-Design and Security-by-Default principles for technology manufacturers, which the U.S. Cybersecurity and Infrastructure Security Agency released last week. The advise relies on the White House’s recent launch of the U.S. National Cybersecurity Strategy and encourages a consistent, international approach to software security that emphasises software producers’ obligations across jurisdictions. Enterprise customers are advised to “hold their supplying technology manufacturers accountable for the security outcomes of their products” in the guidance.
Caleb Skeath, Partner
A recent post on Covington’s Inside Privacy blog highlights the guidance’s basic principles and future steps for important stakeholders.
Ashden Fein, Partner
Micaela McMurrough, Partner
For detailed information, as well as the picture copyright, please see the law firm’s original article here: CISA Publishes International Guidance on Implementing Security-by-Design and Security-by-Default Principles for Software Manufacturers and Customers