Digital MOD.UK

Get the basics right

Make sure you have the people and processes in place to be Secure by Design.

Defining your context
Understand the context of what you are trying to deliver.
Defining your risk appetite
Make sure your risk appetite is defined and published.
Creating a security strategy
Your security strategy sets the direction for a capability’s desired security posture.
Capability registration
Every capability must be registered on the Cyber Activity and Assurance Tracker (CAAT).
Define cyber security Suitably Qualified and Experienced Person (SQEP) requirements
Know the skill sets needed for defining context and risk appetite.
Embedding security within investment approvals 
Follow a Secure by Design (SbD) approach to embed security in investment approvals.
Creating a security plan 
Security plans for achieving high-level goals.
Security Working Group
A Security Working Group (SWG) for overseeing security practices and decision-making.
Creating system and security requirements
Define your system and security requirements.
Plan the through-life approach
Plan your approach to security using Defence Lines of Development.