About Secure by Design

The Secure by Design policy has been developed by the Central Digital and Data Office (CDDO) and a cross-government working group in collaboration with the Government Security Group, National Cyber Security Centre (NCSC) and industry experts. It is a strategic priority included in the transforming for a digital future roadmap: 2022 to 2025 and the Government Cyber Security Strategy.

The approach provides:

• risk-driven activities for building appropriate and proportionate cyber security controls within digital services
• clarity on roles and responsibilities to continuously manage security risks and improve security culture
• practical guidance and tools to achieve the Cyber Assessment Framework (CAF) outcomes as part of GovAssure

How assurance works

Secure by Design is not an assurance process, however one of the principles is to continuously deliver effective security controls throughout the life of a service.

To achieve this, delivery teams will need to provide a self assessment as evidence of meeting the Secure by Design principles when taking part in the digital and technology spend controls approval process.

Secure by Design for the defence industry

Visit digital.mod.uk/secure-by-design for specialist cyber security advice for delivery teams and suppliers from the Ministry of Defence (MoD).

The MoD approach shares the cross-government objective of making security an integral part of service design through effective risk management, collaboration and continuous improvement. This has been mapped to their specific environment and project management lifecycle.

Further information

• Read the implementation guide for details of how teams can prepare for transition to Secure by Design within the required timescales.
• Browse the Secure by Design Q&A for answers to some commonly asked questions about this approach.