
Government Secure by Design Framework

The Central Digital and Data Office, in close collaboration with the cross-government Secure by Design working group and with expert advice from the NCSC, is developing a common Secure by Design framework and principles for government. This work is part of the Government Cyber Security Strategy (outcome 9) and Transforming for a digital future: 2022 to 2025 roadmap for digital and data (commitment 11).

The overarching aim of Secure by Design is to help organisations adopt a common approach for securing digital services that ensures:

We welcome feedback on the 10 Secure by Design Principles, which are currently in ALPHA and open for consultation. You can email questions and comments to secure-by-design[at]digital.cabinet-office.gov.uk.

User needs

The Secure by Design framework aims to solve the following problems experienced by the digital and security communities across government:

  1. Senior leadership often do not understand cyber security as a unified part of managing delivery risk (they see it as a technical problem to be dealt with later) and therefore do not sponsor cyber security risk management and assurance.
  2. Continuous cyber security risk management is currently not seamlessly integrated into project delivery methodologies.
  3. Security assurance is typically seen as a “necessary evil”: it does not keep up with changing context, is often a tick-box exercise, and does not give leadership the visibility of cyber issues needed to prioritise wider technology and security spend.
  4. Risk management and assurance documents are often cumbersome and do not demonstrate meaningful measures of effective security risk management.
  5. There is no consistent approach to security design for the technical architectures commonly used across government. This lack of consistency erodes trust between public sector organisations, prevents easy data sharing and the development of joint services, and increases the time and cost of delivery.

Goals and outcomes of the framework

The principles are part of the Secure by Design framework which aims to provide practical guidance, tools and artefacts that:

A clear and easy-to-follow framework will help organisations make sure that:


OFFICIAL