TheArtOfService
Back to Frameworks

Secure by Design: A Guide for Manufacturers (CISA)

Self-Assess
United States (Federal)
v2023
3 domains
3 controls

CISA's Secure by Design initiative establishes principles for technology manufacturers to build security into their products from the ground up, rather than relying on customers to implement security after deployment. The guidance calls on manufacturers to take ownership of customer security outcomes, embrace radical transparency, and build organizational structures that prioritize security. Developed jointly with international cybersecurity agencies.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (3)

Organization

1 controls
Controls in the Organization domain of Secure by Design: A Guide for Manufacturers (CISA)1 controls
CodeTitle
CISABD-3Build Organizational Structure and Leadership for Secure Outcomes

Ownership

1 controls
Controls in the Ownership domain of Secure by Design: A Guide for Manufacturers (CISA)1 controls
CodeTitle
CISABD-1Take Ownership of Customer Security Outcomes

Transparency

1 controls
Controls in the Transparency domain of Secure by Design: A Guide for Manufacturers (CISA)1 controls
CodeTitle
CISABD-2Embrace Radical Transparency and Accountability

Your Compliance Coverage

If you comply with Secure by Design: A Guide for Manufacturers (CISA), you already cover:

Azure Security Benchmark

100%

3 controls mapped

Compare →

NIST AI Risk Management Framework (AI RMF 1.0)

100%

3 controls mapped

Compare →

FFIEC Cybersecurity Assessment Tool (CAT)

100%

3 controls mapped

Compare →

+ 90 more: NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI) (100%), ISO/IEC 27011:2024 (100%)

See all 93 mapped frameworks ↓

Maps to 93 other frameworks

3 total controls
Azure Security Benchmark
3 source controls mapped|7 target controls covered
100%
NIST AI Risk Management Framework (AI RMF 1.0)
3 source controls mapped|2 target controls covered
100%
FFIEC Cybersecurity Assessment Tool (CAT)
3 source controls mapped|4 target controls covered
100%
NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)
3 source controls mapped|16 target controls covered
100%
ISO/IEC 27011:2024
3 source controls mapped|5 target controls covered
100%
ISO 27018
3 source controls mapped|7 target controls covered
100%
CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0
3 source controls mapped|7 target controls covered
100%
NIST SP 800-190
3 source controls mapped|7 target controls covered
100%
AWS Well-Architected Security Pillar
3 source controls mapped|7 target controls covered
100%
ISO 27017
3 source controls mapped|7 target controls covered
100%
NIST SP 800-53 Rev 5
3 source controls mapped|16 target controls covered
100%
FTC GLBA Safeguards Rule (16 CFR Part 314)
3 source controls mapped|2 target controls covered
100%
ISO/SAE 21434
3 source controls mapped|8 target controls covered
100%
ISO 27043
3 source controls mapped|8 target controls covered
100%
BSI IT-Grundschutz
3 source controls mapped|10 target controls covered
100%
US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule
2 source controls mapped|1 target controls covered
67%
UN Guiding Principles on Business and Human Rights (UNGPs)
2 source controls mapped|1 target controls covered
67%
ISO/IEC 29147:2018
2 source controls mapped|4 target controls covered
67%
AICPA Privacy Management Framework (PMF)
2 source controls mapped|1 target controls covered
67%
ISO 13485
2 source controls mapped|7 target controls covered
67%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
2 source controls mapped|9 target controls covered
67%
APRA CPS 230 Operational Risk Management
2 source controls mapped|1 target controls covered
67%
ISO 27799
2 source controls mapped|6 target controls covered
67%
ASD Strategies to Mitigate Cyber Security Incidents
2 source controls mapped|8 target controls covered
67%
ISO/IEC 30111:2019
2 source controls mapped|3 target controls covered
67%
AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)
2 source controls mapped|7 target controls covered
67%
ISO/IEC 29134:2023
2 source controls mapped|1 target controls covered
67%
FBI CJIS Security Policy
2 source controls mapped|4 target controls covered
67%
IATA Operational Safety Audit (IOSA) Standards Manual
1 source controls mapped|1 target controls covered
33%
UK Gambling Commission - Cyber Resilience Requirements
1 source controls mapped|1 target controls covered
33%
UK Defence Standard 05-138 - Cyber Security for Defence Suppliers
1 source controls mapped|1 target controls covered
33%
Space ISAC (Information Sharing and Analysis Center) - Threat Framework
1 source controls mapped|1 target controls covered
33%
ISO 28001:2007 Supply Chain Security Management
1 source controls mapped|1 target controls covered
33%
Bahrain PDPL
1 source controls mapped|1 target controls covered
33%
Vietnam PDPD
1 source controls mapped|1 target controls covered
33%
Vermont Artificial Intelligence and Consumer Data Act (AICDA)
1 source controls mapped|1 target controls covered
33%
USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement)
1 source controls mapped|1 target controls covered
33%
US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements
1 source controls mapped|1 target controls covered
33%
Regional Comprehensive Economic Partnership (RCEP) - E-Commerce Chapter
1 source controls mapped|1 target controls covered
33%
Turkey KVKK
1 source controls mapped|1 target controls covered
33%
Tennessee Information Protection Act (TIPA)
1 source controls mapped|1 target controls covered
33%
TEFCA - Trusted Exchange Framework and Common Agreement
1 source controls mapped|1 target controls covered
33%
SWIFT CSCF
1 source controls mapped|1 target controls covered
33%
IEC 62351 - Power Systems Communication Security
1 source controls mapped|3 target controls covered
33%
NIST Cybersecurity Framework 2.0
1 source controls mapped|4 target controls covered
33%
ISO 22739:2024 - Blockchain and Distributed Ledger Technologies Vocabulary
1 source controls mapped|4 target controls covered
33%
ISO 19650 - Organisation and Digitisation of Information about Buildings and Civil Engineering Works (BIM)
1 source controls mapped|1 target controls covered
33%
Authorised Economic Operator (AEO) Programmes - Global Standards
1 source controls mapped|1 target controls covered
33%
ISO/IEC 27006:2024
1 source controls mapped|1 target controls covered
33%
ISO/IEC 17025:2017 - General Requirements for Testing and Calibration Laboratories
1 source controls mapped|1 target controls covered
33%
ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence
1 source controls mapped|5 target controls covered
33%
APRA CPS 234
1 source controls mapped|2 target controls covered
33%
PCI SSF
1 source controls mapped|2 target controls covered
33%
IEC 62443
1 source controls mapped|2 target controls covered
33%
FFIEC IT Examination Handbook
1 source controls mapped|2 target controls covered
33%
API 1164
1 source controls mapped|2 target controls covered
33%
AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence
1 source controls mapped|2 target controls covered
33%
AS9100D - Aerospace Quality Management System
1 source controls mapped|1 target controls covered
33%
ISO/IEC 27003:2017
1 source controls mapped|1 target controls covered
33%
Annex 11 to EU GMP - Computerised Systems
1 source controls mapped|2 target controls covered
33%
ISO 26262:2018 - Functional Safety for Road Vehicles
1 source controls mapped|1 target controls covered
33%
ITIL 4
1 source controls mapped|1 target controls covered
33%
ISO 27019
1 source controls mapped|2 target controls covered
33%
IEC 62304:2015 Medical Device Software Lifecycle Processes
1 source controls mapped|2 target controls covered
33%
Canada ITSG-33 - IT Security Risk Management
1 source controls mapped|1 target controls covered
33%
ISO/IEC 27400:2022
1 source controls mapped|3 target controls covered
33%
NIST SP 1800-32
1 source controls mapped|2 target controls covered
33%
ISO 20000-1
1 source controls mapped|2 target controls covered
33%
PCI P2PE
1 source controls mapped|2 target controls covered
33%
PCI PIN Security
1 source controls mapped|2 target controls covered
33%
AML/CTF Act 2006 (Australia)
1 source controls mapped|1 target controls covered
33%
NIST SP 800-171
1 source controls mapped|1 target controls covered
33%
Bank Secrecy Act / Anti-Money Laundering (BSA/AML)
1 source controls mapped|1 target controls covered
33%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management
1 source controls mapped|1 target controls covered
33%
ISO/IEC 23837 - Security Requirements for Quantum Key Distribution
1 source controls mapped|4 target controls covered
33%
ISO 19011
1 source controls mapped|4 target controls covered
33%
NSA Guidance for Transition to Quantum-Resistant Cryptography
1 source controls mapped|3 target controls covered
33%
Illinois Biometric Information Privacy Act (BIPA)
1 source controls mapped|2 target controls covered
33%
ISO/IEC 27010:2015
1 source controls mapped|1 target controls covered
33%
ISO/IEC 29115:2023 - Entity Authentication Assurance Framework
1 source controls mapped|4 target controls covered
33%
Armenia Law on Protection of Personal Data (2015)
1 source controls mapped|1 target controls covered
33%
ISO 27005
1 source controls mapped|1 target controls covered
33%
ISO 31000:2018
1 source controls mapped|2 target controls covered
33%
ISO/IEC 25012:2008 - Data Quality Model
1 source controls mapped|1 target controls covered
33%
APPI
1 source controls mapped|1 target controls covered
33%
NIST SP 800-124 Revision 2 - Guidelines for Managing the Security of Mobile Devices
1 source controls mapped|4 target controls covered
33%
DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition)
1 source controls mapped|1 target controls covered
33%
MARS-E - Minimum Acceptable Risk Standards for Exchanges
1 source controls mapped|2 target controls covered
33%
NATO STANAG 4774 (Confidentiality Metadata Labels) and STANAG 4778 (Metadata Binding)
1 source controls mapped|1 target controls covered
33%
ITU-T X.805 - Security Architecture for End-to-End Communications
1 source controls mapped|1 target controls covered
33%
Florida Digital Bill of Rights (FDBR)
1 source controls mapped|2 target controls covered
33%
FIDO2 / WebAuthn
1 source controls mapped|1 target controls covered
33%
Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)
1 source controls mapped|1 target controls covered
33%
Compare Secure by Design: A Guide for Manufacturers (CISA) with Azure Security Benchmark

Frequently Asked Questions

What is Secure by Design: A Guide for Manufacturers (CISA)?

Secure by Design: A Guide for Manufacturers (CISA) is a compliance framework from United States (Federal) with 3 domains and 3 controls. CISA's Secure by Design initiative establishes principles for technology manufacturers to build security into their products from the ground up, rather than relying on customers to implement security after deployment. The guidance calls on manufacturers to take ownership of customer security outcomes, embrace radical transparency, and build organizational structures that prioritize security. Developed jointly with international cybersecurity agencies. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Secure by Design: A Guide for Manufacturers (CISA) have?

Secure by Design: A Guide for Manufacturers (CISA) has 3 controls organised across 3 domains. The largest domains are Organization (1 controls), Ownership (1 controls), Transparency (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Secure by Design: A Guide for Manufacturers (CISA) map to?

Secure by Design: A Guide for Manufacturers (CISA) maps to 93 other compliance frameworks. The top mapping partners are Azure Security Benchmark (100% coverage), NIST AI Risk Management Framework (AI RMF 1.0) (100% coverage), FFIEC Cybersecurity Assessment Tool (CAT) (100% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with Secure by Design: A Guide for Manufacturers (CISA) compliance?

Start your Secure by Design: A Guide for Manufacturers (CISA) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Secure by Design: A Guide for Manufacturers (CISA) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 3 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.

Get Started Free →

Free forever — no credit card required