The US Cybersecurity & Infrastructure Security Agency (CISA) has published IT sector-specific goals (IT SSGs) to protect against cyber threats, including 11 software development process goals and seven product design goals.
Published January 7, the Information Technology (IT) Sector-Specific Goals were based on CISA operational data and research on the current threat landscape. The IT SSGs are additional voluntary practices with high-impact security actions beyond cross-sector cybersecurity performance goals (CPGs).
The number-one software development process goal cited is to separate all environments used in software development—including development, build, test, and distribution environments—to prevent unauthorized access to sensitive data and systems. The number-one goal for secure product design cited is to increase the use of multifactor authentication (MFA) to reduce the risk of password compromise or utilization of weak passwords. The goals were developed in collaboration with government, industry groups, and private sector groups.