Merge pull request #206 from DFE-Digital/link-to-sbd-documentation

Add links and explanations around Secure by Design principles
DFE-Digital · Jan 6, 2025 · 519f7bd · 519f7bd
2 parents aa80ef5 + 6b79b7d
commit 519f7bd
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/source/principles/secure-by-design-principles/index.html.md.erb b/source/principles/secure-by-design-principles/index.html.md.erb
@@ -0,0 +1,23 @@
+---
+title: Secure by Design principles
+weight: 30
+---
+
+# <%= current_page.data.title %>
+
+[Secure by Design (SbD)](https://www.security.gov.uk/policy-and-guidance/secure-by-design/) is a cross-government approach that will be introduced to the Department for Education (DfE) in January 2025. It sets out what delivery teams and security professionals need to do to incorporate effective cyber security practices when building digital services and technical infrastructure.
+
+From January, any project delivering changes to digital services or technology infrastructure that is in scope of the [digital and technology spend controls approval process](https://www.gov.uk/government/publications/digital-and-technology-spend-control-version-6) must follow [SbD principles](https://www.security.gov.uk/policy-and-guidance/secure-by-design/principles/). Digital services which are in operation or undergoing routine maintenance are not in scope for January. Over time, all projects will be required to follow SbD principles and this will be agreed as part of the DfE Cyber and Information Security (CIS) Division strategy and roadmap for SbD.
+
+If your project is in scope for SbD, contact the SbD delivery team at the [SbD support channel on Slack](https://ukgovernmentdfe.slack.com/archives/C081Q6S91FB).
+
+## DfE SbD documentation
+
+To help you and your team with compliance to SbD, you can view [the DfE SbD documentation](https://secure-by-design.security.education.gov.uk/) which is being regularly updated with:
+
+* guides on how to meet [principles and activities](https://secure-by-design.security.education.gov.uk/secure_by_design_principles/)
+* how the CIS Division can help your team 
+* [SbD policies for DfE](https://secure-by-design.security.education.gov.uk/policies/threat_intelligence_policy/)
+* [documented processes](https://secure-by-design.security.education.gov.uk/Vulnerability%20Management/how_to_triage_vulnerabilities/) that can be used to meet requirements
+* links and guides on [security tooling](https://secure-by-design.security.education.gov.uk/SbD%20Activities/discovering_vulnerabilities/), training and activities
+* [useful documentation downloads](https://secure-by-design.security.education.gov.uk/Useful%20Documents/useful_document_links/)