Cybersecurity and Infrastructure Security Agency to Lead Secure-By-Design Push

The Cybersecurity and Infrastructure Security Agency is spearheading the government’s implementation of secure-by-design, an approach to software development aimed at incorporating safety measures in the early stages. CISA had been involved with the recent publication of secure-by-design and secure-by-default guidance for software makers and vendors.

Formed in collaboration with other agencies and organizations from allied countries, the guidelines are rooted in the idea that it is developers and not end-users who should be accountable for software security outcomes.

Steve Pruskowski, deputy associate chief for engineering at CISA’s Office of the Chief Information Officer, told Federal News Network that the agency is now building its applications in line with secure-by-design. To facilitate that, CISA is adhering to agile and DevSecOps principles, meaning that cybersecurity is continuously being applied and monitored throughout the development process.

Pruskowski added that he plans to spread a secure-by-design mindset throughout the agency, including to teams responsible for emergency communications and infrastructure security, Federal News Network reported Wednesday.