Search Results
Initiation
During the initiation stage security risk assessment and security planning for the software project are carried out. Key activities in the initiation stage include: Security risk assessment [Mandatory] - A security threat and risk assessment should be carri...
Acquisition
Software can be acquired either through external procurement or in-house development. For the Government of Rwanda most software is acquired through the RISA framework contract. In exceptional cases external procurement and tender processes may be required. Ke...
Architecture & Design
This stage involves ensuring security is considered as part of the overall system architecture design. It includes the following: a) Security architecture design and review [Mandatory] - This activity focuses on the security review of system architecture ...
Development
Secure coding [Mandatory] - In the development stage security requirements and design should be built into the software. Developers should follow secure coding practices to mitigate against common vulnerabilities. Examples of secure coding practices include ...
Testing
following should be considered in the Testing phase: Test planning [Mandatory] - Planning for testing should also consider security testing. This includes defining roles and responsibilities for security testing. Test scenarios and test case design [Mandato...
Deployment Phase
Security configurations [Mandatory] - When deploying software, ensure appropriate security configurations are applied to the software and supporting systems and infrastructure including databases, servers, networks and devices. Access management [Mandatory] ...
Operations and Maintenance
During this stage, the software is in production and operating. Continuous enhancements or modifications to the system are developed, tested and implemented to keep the software operating optimally. Security activities that should be carried out continuously i...
Upgrade / Decommission
This stage involves retiring or removing a software system from service. The software may then be replaced by new or upgraded software. The process and activities in this stage should ensure the orderly termination of the system, while preserving the vital inf...
Security by default
“Secure-by-Default” means software products should be resilient against prevalent exploitation techniques out of the box without additional charge. These products protect against the most prevalent threats and vulnerabilities without end-users having to take a...
Minimum security controls for data protection
The following technical measures need to be implemented across government institutions in order to comply with the Law Nº 058/2021 of 13/10/2021 relating to the protection of personal data and privacy: a) Role-Based Access Control (RBAC) [Mandatory] - RB...
Security incident management
Security incident management is the process of identifying, reporting, analyzing and managing security incidents or breaches that occur in an institution. Key guidelines for government institutions in managing security incidents include: Prepare for handlin...
Security user awareness and training and best practices for employees
Security user awareness and training is the process of educating employees about cybersecurity and data privacy. It aims to increase the knowledge, skills, and behavior of employees to protect themselves and the organization from various cyber threats. User aw...
Roles and responsibilities
Below are the typical roles in a software project and security responsibilities. These can be adjusted based on the context of each institution and size and complexity of the software project. Role Responsibilities Steering Committee...
Introduction
Government websites and systems serve as vital conduits between government institutions and the public, facilitating access to essential services, information, and resources. In this digital age, the user experience (UX) and user interface (UI) of these platfo...
Scope and objectives
This document provides guidelines aimed at ensuring that software applications and digital platforms have a well-designed UI/UX, are easy to use and navigate, and are accessible to individuals with impairments. Key objectives for ensuring softw...
Perceivability
An application that is perceivable means that information can be identified by more than one sense. Some of the recommended practices to ensure perceivability are listed below. Text alternatives [Recommended] Text alternatives should describe non-text conten...
Operability
Software applications should allow users to perform all the actions necessary to navigate the user interface. Navigation should be seamless via all methods, such as the mouse, arrow keys and trackpad. When software is operable, it facilitates the use of assist...
Understandability
Software that is understandable means that the user comprehends both the information it presents and the requirements for operation. Some of the practices to make software understandable include: Use plain language [Mandatory] Write content in plain language...
Robustness
Robustness means that software should be compatible with most devices and assistive technologies. Robust software adapts to ensure content is accessible as technologies evolve. Key practices include: Responsive design [Mandatory] Ensure that government webs...
Minimizing form fields [Mandatory]
Keep forms concise by only including essential fields necessary for collecting the required information. Minimizing form fields reduces user effort and completion time, improving the overall user experience.