Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect / PS - Platform / AppSec

CIS Secure by Design: A Guide to Assessing Software Security Practices

This document focuses on:

This document is a comprehensive guide developed by the Center for Internet Security (CIS) in collaboration with SAFECode and a community of experts. It provides a practical, evaluable framework to help software development organizations build and verify software security from the ground up. The guide builds on the NIST Secure Software Development Framework (SSDF) and integrates SAFECode’s maturity model, mappings to CIS Critical Security Controls, role-based implementation guidance, artifact-driven verification methods, and risk-based evaluation strategies. It covers six critical areas: secure software design, secure development, secure default configuration, supply chain security, code integrity, and vulnerability remediation. The document also addresses emerging challenges like AI/ML security implications and aligns with national and international initiatives such as the U.S. DHS CISA Secure by Design effort and the EU Cyber Resilience Act, aiming to help developers move from principles to actionable practices and empower end users and government bodies to assess software security confidently.


Publication's URL

https://www.cisecurity.org/insights/white-papers/secure-by-design

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

1 thought on “CIS Secure by Design: A Guide to Assessing Software Security Practices

What do you think of this document?

Your email address will not be published. Required fields are marked *