Beyond Identity Signs CISA Secure by Design Pledge
Since our inception, Secure by Design has been a non-negotiable principle at Beyond Identity. And we take security seriously. It is reflected in who we hire, how we build, how we design, test, and maintain our architecture, and every aspect of our organization.
We’re excited to see the Cybersecurity and Infrastructure Security Agency (CISA) take action in organizing a Secure by Design pledge. By signing this pledge, we are proud to be joining other industry leaders in reinforcing our dedication to developing secure software.
What is the CISA Secure by Design pledge?
The CISA Secure by Design pledge is a voluntary pledge for enterprise software and services providers. Signers pledge to make progress towards achieving software security best practices developed by CISA, NIST, and other federal agencies, as well as international and industry best practices.
There are seven core components of the pledge:
- Increase the use of multi-factor authentication across the manufacturer’s products
- Reduce default passwords across the manufacturer’s products
- Reduce prevalence of one or more vulnerability classes across the manufacturer's products
- Increase the installation of security patches by customers
- Publish a vulnerability disclosure policy that authorizes testing by members of the public on products offered by the manufacturer
- Demonstrate transparency in vulnerability reporting by including accurate Common Weakness Enumeration (CWE) and Common Platform Enumeration (CPE) fields in every Common Vulnerabilities and Exposures (CVE) record for the manufacturer’s products
- Increase the ability for customers to gather evidence of cybersecurity intrusions affecting the manufacturer’s products
Our commitment to the Secure by Design pledge
We’re proud that our security-first approach to building, shipping, and testing software means that we currently meet and exceed the majority of CISA’s Secure by Design security and transparency requirements.
Our platform is architected with zero reliance or fallback to phishable factors. Every authentication with the Beyond Identity product is phishing-resistant, passwordless, and multi-factor.