Search Results

472 total results found

Development

Privacy By Design Software Guidelines Privacy considerations in the software ...

Secure coding [Mandatory] - Follow secure coding practices to prevent common vulnerabilities such as injection attacks, cross-site scripting (XSS), and insecure authentication. Refer to RISA’s software security guidelines for more details. Code reviews [Ma...

Testing

Privacy By Design Software Guidelines Privacy considerations in the software ...

Privacy testing [Mandatory] - Include privacy testing as part of the software testing process, focusing on scenarios related to data protection, consent management and user privacy preferences. Penetration testing and vulnerability assessment [Mandatory] - ...

Deployment

Privacy By Design Software Guidelines Privacy considerations in the software ...

Data protection safeguards [Mandatory] - Implement appropriate safeguards to protect personal data during transit and storage, such as encryption and secure communication protocols. Privacy notices [Mandatory] - Provide users with clear and accessible priva...

Operations and Maintenance

Privacy By Design Software Guidelines Privacy considerations in the software ...

Privacy policies [Mandatory] - Regularly review and update privacy policies and procedures to reflect changes in the regulatory landscape and evolving privacy risks. Monitoring [Mandatory] - Monitor the software for security vulnerabilities and privacy inci...

Upgrade or Decommission

Privacy By Design Software Guidelines Privacy considerations in the software ...

Data Disposal [Mandatory] - Ensure that all personal data stored by the software is securely deleted or anonymized according to applicable laws and regulations. This includes data stored in databases, logs, backups, and any other storage mechanisms used by t...

Entry into force

Privacy By Design Software Guidelines

This guideline shall come into force on the date of its signature by the Chief Executive Officer of RISA.

Introduction

Security By Design Software Guidelines

This document serves as a comprehensive resource for integrating security principles, practices, and considerations into the entire software development lifecycle. In today's digital landscape, where cyber threats are ever-evolving, it is imperative to priorit...

Scope and objectives

Security By Design Software Guidelines

These guidelines define best practices on software security that should be adopted during the implementation and maintenance of software. They apply to all Government institutions in Rwanda and all employees, contractors, consultants and other authorized users...

Software Life Cycle

Security By Design Software Guidelines Secure by design framework

The table below summarizes the security considerations at each stage of the software life cycle: Software life cycle stage Sub stage Security by design deliverables InitiationP Concept Note Security risk assessment ...

Initiation

Security By Design Software Guidelines Secure by design framework

During the initiation stage security risk assessment and security planning for the software project are carried out. Key activities in the initiation stage include: Security risk assessment [Mandatory] - A security threat and risk assessment should be carri...

Acquisition

Security By Design Software Guidelines Secure by design framework

Software can be acquired either through external procurement or in-house development. For the Government of Rwanda most software is acquired through the RISA framework contract. In exceptional cases external procurement and tender processes may be required. Ke...

Architecture & Design

Security By Design Software Guidelines Secure by design framework

This stage involves ensuring security is considered as part of the overall system architecture design. It includes the following: a) Security architecture design and review [Mandatory] - This activity focuses on the security review of system architecture ...

Development

Security By Design Software Guidelines Secure by design framework

Secure coding [Mandatory] - In the development stage security requirements and design should be built into the software. Developers should follow secure coding practices to mitigate against common vulnerabilities. Examples of secure coding practices include ...

Testing

Security By Design Software Guidelines Secure by design framework

The following should be considered in the Testing phase: Test planning [Mandatory] - Planning for testing should also consider security testing. This includes defining roles and responsibilities for security testing. Test scenarios and test case design [Mandato...

Deployment Phase

Security By Design Software Guidelines Secure by design framework

Security configurations [Mandatory] - When deploying software, ensure appropriate security configurations are applied to the software and supporting systems and infrastructure including databases, servers, networks and devices. Access management [Mandatory] ...

Operations and Maintenance

Security By Design Software Guidelines Secure by design framework

During this stage, the software is in production and operating. Continuous enhancements or modifications to the system are developed, tested and implemented to keep the software operating optimally. Security activities that should be carried out continuously i...

Upgrade /Decommission

Security By Design Software Guidelines Secure by design framework

This stage involves retiring or removing a software system from service. The software may then be replaced by new or upgraded software. The process and activities in this stage should ensure the orderly termination of the system, while preserving the vital inf...

Security by default

Security By Design Software Guidelines

“Secure-by-Default” means software products should be resilient against prevalent exploitation techniques out of the box without additional charge. These products protect against the most prevalent threats and vulnerabilities without end-users having to take a...

Minimum security controls for data protection

Security By Design Software Guidelines

The following technical measures need to be implemented across government institutions in order to comply with the Law Nº 058/2021 of 13/10/2021 relating to the protection of personal data and privacy: a) Role-Based Access Control (RBAC) [Mandatory] - RB...

Security incident management

Security By Design Software Guidelines

Security incident management is the process of identifying, reporting, analyzing and managing security incidents or breaches that occur in an institution. Key guidelines for government institutions in managing security incidents include: Prepare for handlin...