CISA Secure by Design Pledge


This is a voluntary pledge focused on enterprise software products and services, including on-premises software, cloud services, and software as a service (SaaS). Physical products such as IoT devices and consumer products are not scoped in the pledge, though companies who wish to demonstrate progress in those areas are welcome to do so.

By participating in the pledge, software manufacturers are pledging to make a good-faith effort to work towards the goals listed below over the following year.

The pledge is structured with seven goals. Each goal has the core criteria which manufacturers are pledging to work towards, in addition to context and example approaches to achieve the goal and demonstrate measurable progress. To enable a variety of approaches, software manufacturers participating in the pledge have the discretion to decide how best they can meet and demonstrate the core criteria of each goal. Demonstrating measurable progress across the manufacturer’s products can take a variety of forms — such as by taking action on all the manufacturer’s products, or by choosing a set of products to first address and publishing a roadmap for other products.

Previous Story

NSA Zero-Trust Framework