Skip main navigation

Secure-by-Design Foundation Guidelines

An introduction to Secure-by-Design Foundations
Graphic showing the 8 Secure-by-Design Foundations guidelines over the top of image of skyscrpers
The ASD (Australian Signals Directorate) and ACSC (Australian Cyber Security Centre) have established draft Secure-by-Design Foundation guidelines to assist technology manufacturers and developers to adopt Secure by Design practices.

The Foundations are designed to assist technology manufacturers across industry and government to adopt Secure by Design practices. They are intended to foster discussion between technology manufacturers and customers on how to best implement Secure by Design, aiming to encourage the design and development of more secure products.

The Foundations are based on the premise that Secure by Design requires careful consideration of cyber threats from the outset to enable risk mitigation through thoughtful design and security measures. Its core focus is to protect consumer privacy and data by designing, developing, and delivering products with fewer vulnerabilities.

The Foundations build on the international publication Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default, which highlights the principles and approaches for Secure by Design and Secure by Default by Australia and other foreign cyber security agencies.

The Foundations address how software manufacturers can make important shifts in their thinking and practices to deliver products that have strong security features embedded within them.

The Foundation Guidelines

Under each Foundation, key focus areas to uplift security have been identified, as well as how each Foundation mitigates key risks. The overarching goal is to reduce known risk areas by following a Secure by Design approach.

The Secure-by-Design Foundations are:

  • Holistic secure organisation
  • Shift left security
  • Secure code
  • Testing
  • Data security
  • Continuous assurance
  • Maintenance and support
  • Secure deprecation


Read this document, which briefly overviews each foundation, key focus areas, and key risk mitigation areas.

© RMIT 2023
This article is from the free online

Security by Design

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now