Vendors that have demonstrated a commitment to Secure by Design and Secure by Default principles and practices, including secure programming practices and either memory-safe programming languages or less preferably memory-safe programming practices, are used for user applications.
Topic
User application selection
Applicable to
Non Classified, Official, Protected, Secret, Top Secret
History
Priority
recommended
Mar 2025
Vendors that have demonstrated a commitment to Secure by Design and Secure by Default principles and practices, including secure programming practices and either memory-safe programming languages or less preferably memory-safe programming practices, are used for user applications.
A number of existing controls were reworded for clarity without changing their intent.
Mar 2023
User applications are chosen from vendors that have demonstrated a commitment to secure-by-design and secure-by-default principles, use of memory-safe programming languages where possible, secure programming practices, and maintaining the security of their products.
An existing control relating to choosing applications from ‘vendors that have made a commitment to secure-by-design principles, secure programming practices and maintaining the security of their products’ was amended to ‘user applications’ and ‘vendors that have demonstrated a commitment to secure-by-design and secure-by-default principles, use of memory-safe programming languages where possible, secure programming practices, and maintaining the security of their products’.
Mar 2022
Applications are chosen from vendors that have made a commitment to secure-by-design principles, secure programming practices and maintaining the security of their products.
When selecting applications, it is important that an organisation preferences vendors that have demonstrated a commitment to secure-by-design principles, secure programming practices and maintaining the security of their products.
2015
Agencies should choose products from developers that have made a commitment to the continuing maintenance of the assurance of their product.
2010
It is recommended agencies choose products from developers that have made a commitment to the continuing maintenance of the assurance of their product.