CISA Seeks Public Input on Secure by Design Policy

The Cybersecurity and Infrastructure Security Agency is soliciting feedback on secure by design guidance it released in 2023 to inform future updates.

A new request for information contains questions about implementing security early into the software development lifecycle, integrating cybersecurity into computer science education and facilitating efforts to address recurring vulnerabilities, CISA said Wednesday.

Titled “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software,” the secure by design whitepaper was developed by CISA and partner organizations worldwide. It received an update in October to reflect feedback from various stakeholders, including insights from U.S. cyber experts and recommendations from authorities in countries such as Japan, Israel and Singapore.

CISA Director Jen Easterly, a 2023 Wash100 awardee, said the guidance needs the “broadest range of perspectives.” She explained that the national cybersecurity strategy calls for responsibility for cybersecurity to shift from customers to providers.

Responses to the RFI are due on Feb. 20, 2024.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now