All central government departments and arm's-length bodies (ALBs) must incorporate effective security practices and apply the Secure by Design principles when delivering and building digital services and technical infrastructure. This applies to new services and significant changes to services that fall into scope of the digital and technology spend controls approval process.
Affected organisations have been separated into two groups which determine their implementation timescales:
The Cabinet Office will be working with organisations to discuss their specific implementation schedule and establish what assistance may be required.
Organisations are encouraged to implement Secure by Design as soon as possible, however support from Central Digital and Data Office (CDDO) will be prioritised for group 1 organisations.
The implementation plan aligns with timescales in the government’s transforming for a digital future roadmap: 2022 to 2025. It has been developed in collaboration with security and digital leaders, including the Chief Digital Information Officers (CDIOs) who are accountable for the adoption of Secure by Design in their organisations.
Secure by Design is a journey for continuous improvement, not a compliance process. It is essential for government organisations to begin the transition early and make positive changes towards achieving the required cyber security maturity.
Secure by Design | About | Principles | Activities
The Secure by Design approach will evolve to reflect the needs of government digital services. Your feedback will help us to improve it.
Last update: 25 March 2024
OFFICIAL