The Cybersecurity and Infrastructure Security Agency (CISA) announced its “Secure by Design Pledge,” a voluntary commitment by software manufacturers to work towards implementing several cybersecurity best practices. The Cybersecurity Coalition worked with CISA after initial release of the pledge and is happy the agency took feedback from industry. 

The pledge focuses on manufacturers of enterprise software, e.g., on-premises software, cloud services, and software-as-a-service (SaaS). However, manufacturers of physical products -- e.g., IoT devices -- and consumer software are also welcome to sign. All signatories are expected to make progress toward goals in seven key areas:

  1. Multi-factor Authentication (MFA)
  2. Default Passwords
  3. Reducing Entire Classes of Vulnerability
  4. Security Patches
  5. Vulnerability Disclosure Policies (VDP)
  6. Common Vulnerabilities and Exposures
  7. Evidence of Intrusions

The Coalition stands behind these goals and is happy that CISA placed a focus on the seven areas, which are critical for organizations. The pledge also points to the National Institute of Standards and Technology’s (NIST) Secure Software Development Framework (SSDF), which is important. 

The Pledge builds upon many recent actions by CISA, such as its multi-stakeholder paper on Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software. This work also complements and builds upon existing practices developed by NIST other U.S. federal agencies, industry groups, and international organizations. 

Ari Schwartz & Luke O’Grady

Read Next

Research Needed for the Good and Bad AI Cybersecurity Use Cases

When implemented properly, artificial intelligence is a vital tool for cybersecurity but more public research is essential to understand and monitor a diverse array of AI systems and their potential – for good and bad.

Center for Cybersecurity Policy and Law Launches Fellowship Program with Two Inaugural Cybersecurity Fellows

Donna Dodson and Mark Bohannon have been named the inaugural fellows for Center for Cybersecurity Policy and Law.

Cyberspace Solarium Commission 2.0 with Mark Montgomery (DCP S2 E1)

In our latest Distilling Cyber Policy podcast episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Mark Montgomery, Senior Director and Senior Fellow at the Foundation for the Defense of Democracies.