Secure by Design

Secure from the start

By designing security into projects from the start, you help Defence stay ahead of adversaries and maintain national security.

Across government

The UK Cabinet Office policy is that all government departments and arm's length bodies must be secure.

Following a Secure by Design approach, government departments will:

• help create resilient capabilities and services
• make security everyone’s responsibility
• improve trust and data sharing

Secure by Design in Defence

The Ministry of Defence is implementing Secure by Design in all top level budgets and arm’s length bodies.

All capabilities and services that handle Defence data must follow Secure by Design. This includes projects delivered by suppliers.

What you need to do

Your team is responsible for managing cyber security risks and doing self assessments. You do not have to apply for security accreditation that lasts for a period of time.

For your capability or service to be secure, your team needs to:

• consider cyber security from the start
• choose appropriate security frameworks and controls
• do regular self assessments
• continuously manage risks

Using this guidance

We are continuously improving this guidance. If you cannot find the guidance you need, tell us what is missing.

You will also find details of how to transfer or register for Secure by Design

Send us your feedback

Related guidance

• Blog post on managing cyber risk in capabilities
• National Cyber Security Centre's secure design principles
• GOV.UK guidance on Secure by Design

Published August 2024