Launched in July 2023, MoD Secure by Design (SbD) ensures that SROs, capability owners, and delivery teams take full accountability for delivering cyber-secure systems across MOD environments.

Traditionally, cybersecurity was treated as an afterthought - tacked onto the end of a programme lifecycle through an accreditation process that often failed to deliver truly secure capabilities. For years, MOD relied on an annual accreditation approach, requiring an RMADS to meet security and risk management standards.

SbD replaces this outdated model with a continual assessment process, ensuring ongoing security support throughout a system’s lifecycle. This transformation strengthens assurance, enhances risk management, and reinforces the resilience of Defence operations.

The seven core SbD principles are now mandatory for all new MOD systems and those transitioning from legacy accreditation, embedding cybersecurity from the start.

Beyond Defence, the Secure by Design approach is gaining traction across industries, including government and police, as part of the UK’s national effort to enhance cyber resilience in line with NCSC guidelines.