Add CISA Secure by Design Cheat Sheet #1799
Conversation
Prasad-JB
force-pushed
the
add-cisa-secure-by-design-cs
branch
from
a9817f0 to
e05342d
Compare
Prasad-JB
force-pushed
the
add-cisa-secure-by-design-cs
branch
from
e05342d to
96036e9
Compare
|
Is this PR superseded by #1800? |
…1, and trailing newlines
|
@szh No, this PR (#1799) is the main one for the CISA Secure by Design cheat sheet. PR #1800 was a mistake that I've now closed. I've fixed all the lint errors (MD025 duplicate heading issues) and the markdown lint checks should now pass. This PR is ready for review. This cheat sheet provides practical guidance for implementing CISA's Secure by Design principles, complementing the existing Secure Product Design cheat sheet. |
| --- | ||
| layout: col-sidebar | ||
| title: CISA Secure by Design Cheat Sheet | ||
| tags: CISA, Secure-by-Design, Development, Principles | ||
| level: 2 | ||
| type: cheatsheet | ||
| pitch: Practical guidance for implementing CISA's Secure by Design principles in software development. | ||
| --- |
There was a problem hiding this comment.
We don't use this on any other of the cheat sheets. What's the purpose of it?
| - **Cross-functional Teams**: Create teams with both development and security expertise | ||
| - **Security Training**: Provide ongoing security education for all developers | ||
|
|
||
| ### 4. Secure the Software Development Lifecycle (SDLC) |
There was a problem hiding this comment.
I only see the first 3 principles in the whitepaper. Where are 4-7 from?
| ## Tools and Resources | ||
|
|
||
| - **CISA Secure by Design Alert**: [AA23-074A](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a) | ||
| - **CISA Secure by Design Principles**: [Full PDF Guide](https://www.cisa.gov/sites/default/files/2023-04/secure_by_design_alert_4.19.23.pdf) |
There was a problem hiding this comment.
I'm getting a 404 for this. Did you mean this?
| - **CISA Secure by Design Principles**: [Full PDF Guide](https://www.cisa.gov/sites/default/files/2023-04/secure_by_design_alert_4.19.23.pdf) | |
| - **CISA Secure by Design Principles**: [Full PDF Guide](https://www.cisa.gov/sites/default/files/2023-10/SecureByDesign_1025_508c.pdf) |
|
|
||
| - **CISA Secure by Design Alert**: [AA23-074A](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a) | ||
| - **CISA Secure by Design Principles**: [Full PDF Guide](https://www.cisa.gov/sites/default/files/2023-04/secure_by_design_alert_4.19.23.pdf) | ||
| - **OWASP Secure Product Design Cheat Sheet**: [Link to related cheat sheet] |
There was a problem hiding this comment.
| - **OWASP Secure Product Design Cheat Sheet**: [Link to related cheat sheet] | |
| - [OWASP Secure Product Design Cheat Sheet](Secure_Product_Design_Cheat_Sheet.md) |
| - **CISA Secure by Design Alert**: [AA23-074A](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a) | ||
| - **CISA Secure by Design Principles**: [Full PDF Guide](https://www.cisa.gov/sites/default/files/2023-04/secure_by_design_alert_4.19.23.pdf) | ||
| - **OWASP Secure Product Design Cheat Sheet**: [Link to related cheat sheet] | ||
| - **Memory Safety**: [CISA Memory Safety Roadmap](https://www.cisa.gov/resources-tools/resources/memory-safety-roadmap) |
|
|
||
| 1. [CISA Secure by Design](https://www.cisa.gov/securebydesign) | ||
| 2. [CISA Secure by Design Alert AA23-074A](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a) | ||
| 3. [CISA Memory Safety Recommendations](https://www.cisa.gov/resources-tools/resources/memory-safety-roadmap) |
|
|
||
| - Prasad-JB | ||
| - OWASP Cheat Sheets Team | ||
| - CISA Cybersecurity Division |
There was a problem hiding this comment.
I'm not sure if we can put this here if they don't directly contribute to this cheat sheet. It wouldn't be fair to them to claim they're involved if they aren't.
This PR adds a new cheat sheet based on CISA’s Secure by Design principles.
This should give teams a dedicated resource for applying the Secure by Design principles, while complementing the existing Secure Product Design cheat sheet.
Looking forward to feedback from the community