There is a lot to like in this plan from the ONCD, including the official adoption and endorsement of CISA’s Secure by Design and Secure by Default principles and practices (see initiative A6 in the implementation plan document).
A pilot project proposal has been submitted to EPRI that will demonstrate the very concepts described in this implementation plan pertaining to Secure by Design and Secure by Default requirements. A findings report will be produced identifying any obstacles encountered and solutions to address them. A set of recommendations to ease “Secure by Design” and “Secure by Default” implementations will also be produced.
EPRI Project Proposal
November 15, 2024
Business Cyber Guardian, a Reliable Energy Analytics LLC company, is proposing to work with one energy industry entity serving in the role of software consumer to implement a CISA “Secure by Design” pilot following CISA Software Acquisition Guide practices (https://cisa.gov/sag), and with one software vendor serving in the role of software supplier, to demonstrate and document the effective use of CISA Software Supply Chain Risk Management Secure by Design practices to identify trustworthy software products.