Search Results

This guideline shall come into force on the date of its signature by the Chief Executive Officer of RISA.

This document serves as a comprehensive resource for integrating security principles, practices, and considerations into the entire software development lifecycle. In today's digital landscape, where cyber threats are ever-evolving, it is imperative to priorit...

These guidelines define best practices on software security that should be adopted during the implementation and maintenance of software. They apply to all Government institutions in Rwanda and all employees, contractors, consultants and other authorized users...

The table below summarizes the security considerations at each stage of the software life cycle: Software life cycle stage Sub stage Security by design deliverables InitiationP Concept Note Security risk assessment ...

During the initiation stage security risk assessment and security planning for the software project are carried out. Key activities in the initiation stage include: Security risk assessment [Mandatory] - A security threat and risk assessment should be carri...

Software can be acquired either through external procurement or in-house development. For the Government of Rwanda most software is acquired through the RISA framework contract. In exceptional cases external procurement and tender processes may be required. Ke...

This stage involves ensuring security is considered as part of the overall system architecture design.  It includes the following: a)    Security architecture design and review [Mandatory] - This activity focuses on the security review of system architecture ...

Secure coding [Mandatory] - In the development stage security requirements and design should be built into the software. Developers should follow secure coding practices to mitigate against common vulnerabilities. Examples of secure coding practices include ...

following should be considered in the Testing phase: Test planning  [Mandatory]- Planning for testing should also consider security testing. This includes defining roles and responsibilities for security testing Test scenarios and test case design [Mandato...

Security configurations[Mandatory] - When deploying software, ensure appropriate security configurations are applied to the software and supporting systems and infrastructure including databases, servers, networks and devices. Access management [Mandatory] ...

During this stage, the software is in production and operating. Continuous enhancements or modifications to the system are developed, tested and implemented to keep the software operating optimally. Security activities that should be carried out continuously i...

This stage involves retiring or removing a software system from service. The software may then be replaced by new or upgraded software. The process and activities in this stage should ensure the orderly termination of the system, while preserving the vital inf...

“Secure-by-Default” means software products should be resilient against prevalent exploitation techniques out of the box without additional charge. These products protect against the most prevalent threats and vulnerabilities without end-users having to take a...

The following technical measures need to be implemented across government institutions in order to comply with the Law Nº 058/2021 of 13/10/2021 relating to the protection of personal data and privacy: a)    Role-Based Access Control (RBAC)  [Mandatory] -  RB...

Security incident management is the process of identifying, reporting, analyzing and managing security incidents or breaches that occur in an institution. Key guidelines for government institutions in managing security incidents include: Prepare for handlin...

Security user awareness and training is the process of educating employees about cybersecurity and data privacy. It aims to increase the knowledge, skills, and behavior of employees to protect themselves and the organization from various cyber threats. User aw...

Below are the typical roles in a software project and security responsibilities. These can be adjusted based on the context of each institution and size and complexity of the software project. Role Responsibilities Steering Committee...

This guideline shall come into force on the date of its signature by the Chief Executive Officer of RISA.

Government websites and systems serve as vital conduits between government institutions and the public, facilitating access to essential services, information, and resources. In this digital age, the user experience (UX) and user interface (UI) of these platfo...

This document provides guidelines that are aimed at ensuring that software applications and digital platforms have a well designed UI/UX and are easy to use and navigate and are also accessible to individuals with impairments. Key objectives for ensuring softw...