The Canadian Centre for Cyber Security (Cyber Centre), in collaboration with international partners, has issued updated guidance on acquiring secure digital products and services. This effort is a joint initiative with:
- Australian Signals Directorate (ASD) – Australian Cyber Security Centre (ACSC)
- New Zealand’s National Cyber Security Centre (NCSC-NZ)
- Republic of Korea National Intelligence Service (NIS) and its National Cyber Security Centre (NCSC-Korea)
- United Kingdom’s National Cyber Security Centre (NCSC-UK)
- United States’ Cybersecurity and Infrastructure Security Agency (CISA)
Key Objective
To safeguard privacy and data against cyber threats, the guidance emphasizes that organizations must prioritize secure and verifiable technologies. This involves thoroughly evaluating the security, suitability, and risks associated with digital products and services before procurement and operation.
Publications Included
- Choosing Secure and Verifiable Technologies: Executive Summary
This summary is designed to inform senior leaders about critical considerations during the procurement process for digital products and services.
- Choosing Secure and Verifiable Technologies (Version 2)
The updated guidance focuses on secure-by-design principles to help organizations make well-informed decisions when procuring information and communication technology. It also outlines key security expectations for manufacturers, promoting the development of more secure technologies.
By adopting these practices, organizations can proactively mitigate risks, protect user privacy, and support a more secure digital ecosystem. Manufacturers, in turn, are encouraged to align with customer expectations by embedding robust security measures in their products from the outset.
Stay informed and choose secure technologies to strengthen your cyber resilience.
Source: Canadian Centre for Cyber Security
