ISM-1743

Vendors that have demonstrated a commitment to Secure by Design and Secure by Default principles and practices, including secure programming practices and either memory-safe programming languages or less preferably memory-safe programming practices, are used for operating systems.

Topic: Operating system selection
Applicable to: Non Classified, Official, Protected, Secret, Top Secret

History

Mar 2025
Vendors that have demonstrated a commitment to Secure by Design and Secure by Default principles and practices, including secure programming practices and either memory-safe programming languages or less preferably memory-safe programming practices, are used for operating systems.
A number of existing controls were reworded for clarity without changing their intent.
Mar 2023
Operating systems are chosen from vendors that have demonstrated a commitment to secure-by-design and secure-by-default principles, use of memory-safe programming languages where possible, secure programming practices, and maintaining the security of their products.
An existing control relating to choosing operating systems from ‘vendors that have made a commitment to secure-by-design principles, secure programming practices and maintaining the security of their products’ was amended to ‘vendors that have demonstrated a commitment to secure-by-design and secure-by-default principles, use of memory-safe programming languages where possible, secure programming practices, and maintaining the security of their products’.
Mar 2022
Operating systems are chosen from vendors that have made a commitment to secure-by-design principles, secure programming practices and maintaining the security of their products.
When selecting operating systems, it is important that an organisation preferences vendors that have demonstrated a commitment to secure-by-design principles, secure programming practices and maintaining the security of their products.