- Posted December 06, 2024
- Technical Advisories
The National Cyber Security Centre (NCSC) has joined the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) and other international partners to release two advisories about choosing secure and verifiable technologies.
- The first paper informs organisations of secure-by-design considerations for the procurement of digital products and services. (external link)Its core aim is to enable organisations to make better-informed ICT procurement assessments and decisions.
- The second paper has been written for senior leaders in organisations to assist organisations to make better-informed ICT procurement assessments and decisions.(external link)
With an ever-growing number of cyber threats endangering users’ privacy and data, organisations must ensure they are consistently choosing secure and verifiable technologies. Customers are responsible for evaluating the suitability, security and risks associated with acquiring and operating a digital product or service. However, customers must demand manufacturers embrace and provide products and services that are secure-by-design and secure-by-default. In this way, consumers can increase their resilience, reduce their risks and lower the costs associated with patching and incident response.
When an organisation has determined a need to procure a digital product or service, considerations must be made as to whether the product or service is secure and that security will be maintained throughout its specified lifecycle.
Secure-by-design is a proactive, security-focused approach taken by software manufacturers during the development of digital products and services that requires the purposeful alignment of cyber security goals across all levels of the manufacturing organisation.
The NCSC encourages organisations that procure or leverage digital products and services, and manufacturers of digital products and services to read this guidance and understand the responsibilities and actions necessary to support the execution of the advice.
If you have any questions about this guidance, contact info@ncsc.govt.nz