Supplementary References 

Supplementary references will be introduced periodically to help owners of Critical Information Infrastructure (CII) proactively secure and build resilience into their systems. These references serve as additional resources for CII owners when complying with Code of Practices issued by the Commissioner of Cybersecurity. The list of supplementary references can be found below:


1. Security-by-Design Framework

The Security-by-Design Framework [2 MB] was developed to guide CII owners through the process of incorporating security into their Systems Development Lifecycle process. Security-by-Design is an approach which addresses the cyber protection considerations throughout a system’s lifecycle and it is one of the key components of the Cybersecurity Code of Practice for Critical Information Infrastructure.

2. Security-by-Design Framework Checklist

The Security-by-Design Framework Checklist [753 KB] is a step-by-step supplementary worksheet to the Security-by-Design Framework. It acts as a quick reference guide for cybersecurity practitioners to adopt the Security-by-Design Framework.

3. Guide to Conducting Cybersecurity Risk Assessment for CII

The Guide to Conducting Cybersecurity Risk Assessment for CII [1.25MB] was developed to provide guidance to CII Owners on how to perform a proper cybersecurity risk assessment. This guidance document also spells out the expectations that CII Owners are required to note when conducting their risk assessment under the Cybersecurity Act 2018.