Security By Design Software Guidelines
This document serves as a comprehensive resource for integrating security principles, practices, and considerations into the entire software development lifecycle. In today's digital landscape, where cyber threats are ever-evolving, it is imperative to prioritize security from the outset of any software project.
Introduction
This document serves as a comprehensive resource for integrating security principles, practices, ...
Scope and objectives
These guidelines define best practices on software security that should be adopted during the imp...
Secure by design framework
Security-by-Design (SBD) is an approach to protecting technology systems against security threats...
Software Life Cycle
The table below summarizes the security considerations at each stage of the software life cycle: ...
Initiation
During the initiation stage, security risk assessment and security planning for the software proje...
Acquisition
Software can be acquired either through external procurement or in-house development. For the Gov...
Architecture & Design
This stage involves ensuring security is considered as part of the overall system architecture de...
Development
Secure coding [Mandatory] - In the development stage, security requirements and design should be...
Testing
The following should be considered in the Testing phase: Test planning [Mandatory] - Planning for ...
Deployment Phase
Security configurations [Mandatory] - When deploying software, ensure appropriate security confi...
Operations and Maintenance
During this stage, the software is in production and operating. Continuous enhancements or modifi...
Upgrade / Decommission
This stage involves retiring or removing a software system from service. The software may then be...
Security by default
“Secure-by-Default” means software products should be resilient against prevalent exploitation te...
Minimum security controls for data protection
The following technical measures need to be implemented across government institutions in order t...
Security incident management
Security incident management is the process of identifying, reporting, analyzing and managing sec...
Security user awareness and training and best practices for employees
Security user awareness and training is the process of educating employees about cybersecurity an...
Roles and responsibilities
Below are the typical roles in a software project and security responsibilities. These can be adj...
Entry into force
This guideline shall come into force on the date of its signature by the Chief Executive Officer ...