Add links and explanations around Secure by Design principles

DFE-Digital · Dec 18, 2024 · 176be7b · 176be7b
1 parent 8efdcb4
commit 176be7b
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/source/principles/secure-by-design-principles/index.html.md.erb b/source/principles/secure-by-design-principles/index.html.md.erb
@@ -0,0 +1,23 @@
+---
+title: Secure by Design principles
+weight: 30
+---
+
+# <%= current_page.data.title %>
+
+[Secure by Design (SbD)](https://www.security.gov.uk/policy-and-guidance/secure-by-design/) is a cross-government approach that will be introduced to the Department for Education (DfE) in January 2025. It sets out what delivery teams and security professionals need to do to incorporate effective cyber security practices when building digital services and technical infrastructure.
+
+From January, any project delivering changes to digital services or technology infrastructure that is in scope of the [digital and technology spend controls approval process](https://www.gov.uk/government/publications/digital-and-technology-spend-control-version-6) must follow [Secure by Design principles](https://www.security.gov.uk/policy-and-guidance/secure-by-design/principles/). Digital services which are in operation or undergoing routine maintenance are not in scope for January. Over time, all projects will be required to follow Secure by Design principles and this will be agreed as part of the DfE CIS Division strategy and roadmap for SbD.
+
+If your project is in scope for Secure by Design, contact the SbD delivery team at the [Secure by Design support channel on Slack](https://ukgovernmentdfe.slack.com/archives/C081Q6S91FB).
+
+## DfE SbD documentation
+
+In order to assist you and your team with compliance to Secure by Design, you can view [the DfE SbD documentation](https://secure-by-design.security.education.gov.uk/) which is being regularly updated with:
+
+* guides on how to meet [principles and activities](https://secure-by-design.security.education.gov.uk/secure_by_design_principles/)
+* how the CIS Division can help your team 
+* [SbD policies for DfE](https://secure-by-design.security.education.gov.uk/policies/threat_intelligence_policy/)
+* [documented processes](https://secure-by-design.security.education.gov.uk/Vulnerability%20Management/how_to_triage_vulnerabilities/) that can be used to meet requirements
+* links and guides on [security tooling](https://secure-by-design.security.education.gov.uk/SbD%20Activities/discovering_vulnerabilities/), training and activities
+* [useful documentation downloads](https://secure-by-design.security.education.gov.uk/Useful%20Documents/useful_document_links/)