Supplementary references will be introduced periodically to help owners of Critical Information Infrastructure (CII) proactively secure and build resilience into their systems. These references serve as additional resources for CII owners when complying with Code of Practices issued by the Commissioner of Cybersecurity. The list of supplementary references can be found below:

1. Security-by-Design Framework

The Security-by-Design Framework [2 MB] was developed to guide CII owners through the process of incorporating security into their Systems Development Lifecycle process. Security-by-Design is an approach which addresses the cyber protection considerations throughout a system’s lifecycle and it is one of the key components of the Cybersecurity Code of Practice for Critical Information Infrastructure.

2. Security-by-Design Framework Checklist

The Security-by-Design Framework Checklist [753 KB] is a step-by-step supplementary worksheet to the Security-by-Design Framework. It acts as a quick reference guide for cybersecurity practitioners to adopt the Security-by-Design Framework.