
Author: Central Digital and Data Office (CDDO), Cabinet Office

Secure by Design Principles

The foundations required for embedding cyber security practices in digital delivery and building resilient digital services.

The following principles must be met by delivery teams with support from security professionals throughout the service lifecycle.

As outlined in the Secure by Design policy, these principles are mandatory for government departments and arm’s-length bodies (ALBs), and optional for other parts of the public sector. Third-party suppliers to these organisations should liaise with their security contacts to understand the specific requirements that apply.

Organisations may introduce additional principles and tailor the recommended activities to meet their specific circumstances, provided they still meet the core principles. An example of this is digital.mod.uk/secure-by-design, where specialist cyber security advice has been mapped to the specific environment and project management lifecycle of the Ministry of Defence (MoD).

The implementation guide explains how teams can prepare for transition to Secure by Design within the required timescales.
