We welcome feedback on these principles, which are currently in ALPHA and open for consultation. You can email questions and comments to secure-by-design[at]digital.cabinet-office.gov.uk.
The following core principles are aimed at the digital and security communities delivering digital services. They cover the end-to-end digital service delivery life cycle and address the challenges faced by government organisations. They are based on the NCSC's Secure Design Principles, which focus on the design phase of cyber secure systems. The government principles take this basis and expand it to cover the whole life cycle, and are focussed on the needs of the public sector. Each principle is supplemented with an "intent" which illustrates its importance.
Appoint an appropriately senior risk owner, who has a clear reporting line to or is a member of the top management, to be accountable for owning the cyber security risks for the service throughout its life cycle and allocating security resources within the service delivery team.
By engaging an appropriately senior risk owner (project sponsor), you can make sure that cyber security risks are escalated to top management and managed by the most senior stakeholders in the business in accordance with the organisation’s risk appetite.
Continually assess the security of products or open-source code for security vulnerabilities, and mitigate the risks to your environment.
Performing security due diligence of technology products and open-source code allows you to make an informed business decision on the trade-offs between cyber security implications and efficiency. It enables sharing lessons-learnt with suppliers to help them improve the security of their products.
Dynamically managing risks and designing proportionate safeguards means that you can respond to changes in the risk profile appropriately to always have a current defensible position of your controls and mitigations.
Carry out ongoing user research to make sure security controls are appropriate for the environment your users are working in and are easy to use.
Usable security allows users to effectively operate the security controls available to them. Unusable security forces users to work around it and adopt insecure practices to get things done.
Design and iterate security controls and processes to cover all stages of the service's life cycle, including capabilities to protect against, detect, respond to and recover from incidents.
By designing security capabilities that span all functions of the cyber security framework, you reduce the likelihood of weak points where a compromise could occur and go undetected.
Implement new services and update legacy systems with flexible architectures that allow scaling and easy integration of new security controls in response to business requirements, changing threats and vulnerabilities.
The use of flexible architectures allows services to readily adapt to meet new business requirements as well as respond quickly to changes in the security risk and threat landscape.
Use only the required capabilities, software, data and hardware components necessary for the service to achieve its intended use.
Minimising the attack surface reduces the opportunities for potential attackers to exploit vulnerabilities in the service without degrading the service.
Assume any part of the service could be compromised at any point in its life cycle and design services so they cannot be wholly compromised if a single control has either failed or been overcome by an attacker.
Using layered controls effectively increases the time and effort required by threat actors to fully compromise the service.
Implement proportionate and evidence-based security assurance into the digital service life cycle to provide confidence in the effectiveness of the security controls.
Continually assuring the security posture of digital services provides the risk owners with the level of confidence that services operate securely and as intended.
Assess the security impact of proposed changes to digital services to ensure that their security and the way they work are not adversely affected.
This ensures that changes cannot be made to an operational service without proper consideration of how a change might affect its security, and that each change is managed through a secure design, development and deployment process.