Scope and objectives

These guidelines define best practices on software security that should be adopted during the implementation and maintenance of software. They apply to all Government institutions in Rwanda and all employees, contractors, consultants and other authorized users of GoR software systems should comply with the guidelines. Government institutions should also comply with the Minimum Cybersecurity Standards for Public Institutions provided by the National Cyber Security Authority. These guidelines will help Government institutions to implement secure software that meets the main security objectives. The main objectives of implementing security measures and controls in software systems include:

• Confidentiality – limiting access to sensitive data and information to only authorized parties.
• Integrity – ensuring that data is consistent, accurate, and trustworthy throughout its lifecycle and cannot be modified by unauthorized parties.
• Authentication – ensuring sensitive systems or data are protected by a mechanism that verifies the identity of the individual accessing them.
• Authorization – ensuring there is proper control of access to software systems and data for authenticated users according to their roles or permissions.
• Availability – ensuring that critical systems or data are available for their users when they are needed.
• Non-repudiation – ensures that data sent or received cannot be denied, by exchanging authentication information with a provable time stamp.