diff --git a/source/principles/secure-by-design-principles/index.html.md.erb b/source/principles/secure-by-design-principles/index.html.md.erb new file mode 100644 index 0000000..94e8ee2 --- /dev/null +++ b/source/principles/secure-by-design-principles/index.html.md.erb @@ -0,0 +1,23 @@ +--- +title: Secure by Design principles +weight: 30 +--- + +# <%= current_page.data.title %> + +[Secure by Design (SbD)](https://www.security.gov.uk/policy-and-guidance/secure-by-design/) is a cross-government approach that will be introduced to the Department for Education (DfE) in January 2025. It sets out what delivery teams and security professionals need to do to incorporate effective cyber security practices when building digital services and technical infrastructure. + +From January, any project delivering changes to digital services or technology infrastructure that is in scope of the [digital and technology spend controls approval process](https://www.gov.uk/government/publications/digital-and-technology-spend-control-version-6) must follow [SbD principles](https://www.security.gov.uk/policy-and-guidance/secure-by-design/principles/). Digital services which are in operation or undergoing routine maintenance are not in scope for January. Over time, all projects will be required to follow SbD principles and this will be agreed as part of the DfE Cyber and Information Security (CIS) Division strategy and roadmap for SbD. + +If your project is in scope for SbD, contact the SbD delivery team at the [SbD support channel on Slack](https://ukgovernmentdfe.slack.com/archives/C081Q6S91FB). + +## DfE SbD documentation + +To help you and your team with compliance to SbD, you can view [the DfE SbD documentation](https://secure-by-design.security.education.gov.uk/) which is being regularly updated with: + +* guides on how to meet [principles and activities](https://secure-by-design.security.education.gov.uk/secure_by_design_principles/) +* how the CIS Division can help your team +* [SbD policies for DfE](https://secure-by-design.security.education.gov.uk/policies/threat_intelligence_policy/) +* [documented processes](https://secure-by-design.security.education.gov.uk/Vulnerability%20Management/how_to_triage_vulnerabilities/) that can be used to meet requirements +* links and guides on [security tooling](https://secure-by-design.security.education.gov.uk/SbD%20Activities/discovering_vulnerabilities/), training and activities +* [useful documentation downloads](https://secure-by-design.security.education.gov.uk/Useful%20Documents/useful_document_links/) \ No newline at end of file